MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36505f1650fa0f171269034309f7e3aff79068633d893323a9ab93ab8267c1b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 36505f1650fa0f171269034309f7e3aff79068633d893323a9ab93ab8267c1b3
SHA3-384 hash: 810bf34e1ba1ec71bc0153ba2b05e358d66e1badf1a4b03f63a18f9b9b8df87acc3e54d1ce2cb0cdacf3915601690137
SHA1 hash: 02258406f45e16fbd30491162c6a8b2b62ddaaf0
MD5 hash: ea8023cb401c96ab874f35bcd1fad1b4
humanhash: nitrogen-michigan-six-pasta
File name:EIKODO-PURCHASE-ORDER-MAY.arj
Download: download sample
Signature Loki
Create hunting rule
File size:1'109'676 bytes
First seen:2020-05-05 16:01:59 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:3DGgunij0wzDOqQlKJyIIGQdRsvmkx0uxGNqc46bqu:3CijmKJyII7dRsetuocObL
TLSH 393533CEFADB663913116618C562FFF863EA67C40410BD33D69D9634AA10DDDBE03829
Reporter abuse_ch
Tags:arj Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: saha.com
Sending IP: 173.82.115.186
From: EIKODO VIETNAM CO., LTD <trang.nguyen@s-eikodo.vn>
Subject: NEW ORDER FOR SHIPMENT TO VIETNAM
Attachment: EIKODO-PURCHASE-ORDER-MAY.arj (contains "EIKODO_purchase_order_May.exe")

Loki C2:
http://mahetechasia.com/dabs/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Aitinject
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 15:39:31 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
24 of 48 (50.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gzif6fsq7ihroetjanbqt57dv73za2ddhwetgi5jvoj2xathygzq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 36505f1650fa0f171269034309f7e3aff79068633d893323a9ab93ab8267c1b3

(this sample)

Loki

Executable exe c140875c9c07abe9bf32f2e6fc9d24e9e8b7e8c96b6f32203b423983749f3597

  
Dropping
MD5 bb0a4d763a2e008469dab25a31fcc8d3
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c140875c9c07abe9bf32f2e6fc9d24e9e8b7e8c96b6f32203b423983749f3597

Comments