MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d13a6d1c2009752e6083d06cfc18086e48a3cbe903467f59b894aa39cb32c64. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 2d13a6d1c2009752e6083d06cfc18086e48a3cbe903467f59b894aa39cb32c64
SHA3-384 hash: 33df1b5d15c382179472050a676cfc341b1978c7592e90180cfd54904f95324dd881e230f206c35b64ca5e3578a81c93
SHA1 hash: e58cb694e5e8f3e5f1c4686364ab0a2d962b60d1
MD5 hash: 371b48fc9d1351ca2caa0dafa99443ef
humanhash: foxtrot-texas-ten-nineteen
File name: DOCUMENT.cab
Signature: Loki
File size: 179'159 bytes
First seen: 2020-06-26 15:43:37 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:xB7Ig8lwQnIFzZu7V7R6CdvVL8nafTA/4HpYagepk2WBJ2kAubZhNFl1:/7Igw3nazknp+ATAFag12CJBAubfNV
TLSH: 5F04234633D2558337CDE63DD98D50529FB7D36FAAAD812015F1CAAE8622780C3F7448
Reporter: abuse_ch
Tags: cab, Loki


abuse_ch
Malspam distributing Loki:

HELO: hmbproperties.ae
Sending IP: 185.222.58.113
From: management@hmbproperties.ae
Subject: DOCUMENT
Attachment: DOCUMENT.cab (contains "DOCUMENT.exe")

Loki C2:
http://siiigroup.com/blue/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Frs
Status: Malicious
First seen: 2020-06-26 14:06:33 UTC
AV detection: 21 of 31 (67.74%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab 2d13a6d1c2009752e6083d06cfc18086e48a3cbe903467f59b894aa39cb32c64 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
