MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2eb6e02a92dc98c5689cd769f18789d584bec6c99223c851afc5ea8e2e702a45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2eb6e02a92dc98c5689cd769f18789d584bec6c99223c851afc5ea8e2e702a45
SHA3-384 hash: 2e765edaa785be2b2d28429ca0e78566b03ea0c6446282f9d1ce06f456be9d59d31c578933bb1d96c8ee45b35fd50b3b
SHA1 hash: ac2e10f2560553eb5052e42c601ef9c4ebe5ce7d
MD5 hash: 4e99250423b01cc6c3fe4a60cf59a9c6
humanhash: failed-hydrogen-butter-enemy
File name:PO ORDER_PDF.gz
Download: download sample
Signature Loki
Create hunting rule
File size:408'520 bytes
First seen:2020-05-12 05:28:45 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:/f7AniEYY245gph7biqSvFiO9JingTkhDiX1rZzdPYVfvHQsy:H72i6WphKLdiOXUgQ2JZzdAt2
TLSH 5494238724811E8AE6D11B4F02B8AC7E6D7D2C5111DE62191EEB6BFC5841D2C6F63C2F
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ip-172-31-21-154.ec2.internal
Sending IP: 54.145.164.71
From: PT. JARUM MAS <sales-in@epsglobal.com>
Subject: PO CONFIRMATION, PT. JARUM MAS
Attachment: PO ORDER_PDF.gz (contains "PO ORDER_PDF.exe")

Loki C2:
http://missingandfound.com.my/pull/Panel/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Loki
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 05:36:07 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=f23oakus3smmk2e425u7db4j2wcl5rwjsir4qunpyxvi4ltqfjcq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 2eb6e02a92dc98c5689cd769f18789d584bec6c99223c851afc5ea8e2e702a45

(this sample)

Loki

Executable exe 7fba3b77e262416bceaa1d316ed9518f9f4be3f91ab0f11e276d69190053c99a

  
Dropping
MD5 c5561d1e4e4244bca7f7326144059364
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7fba3b77e262416bceaa1d316ed9518f9f4be3f91ab0f11e276d69190053c99a

Comments