MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fa543644563ac8bdac878801f7e5f3cc0069ffa4097cc22bc4d6ad3dd966a16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 5fa543644563ac8bdac878801f7e5f3cc0069ffa4097cc22bc4d6ad3dd966a16
SHA3-384 hash: 170ed974975d30d85d241969a07156365e7c951003320f2ee0fa62985d12a93adf5d347777af43581825e61d2902cc87
SHA1 hash: dd1a50a0bea9d6622289ce6557926915ae78eaa2
MD5 hash: 4765d117ea440f02f20980cde9157330
humanhash: tennis-uranus-nevada-magazine
File name: Overdues_Invoice_pdf.gz
Signature: Loki
File size: 348'458 bytes
First seen: 2020-05-18 12:46:49 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:ZqTNV2i/2AjuLGRH45Uey6MpsltUZIflB6OM562yQzeOjeTKMaxksEGCYqeDkY+:I/RQWYC+uunnM5P5aOKTta6ioykY+
TLSH: 4A7423F751006B18AA85F4CA60A33A7E3E06E1148E4D0319B2AFBD1F5E6B9DE12347D5
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

From: Asitsharma <t.eikenbusch@plastcontrol.de>
Subject: OUTSTANDING PAYMENT
Attachment: Overdues_Invoice_pdf.gz (contains "gunzipped")

Loki C2:
http://pnkp.co.id/vvp/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-18 13:36:22 UTC
File Type: Binary (Archive)
Extracted files: 288
AV detection: 26 of 48 (54.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 5fa543644563ac8bdac878801f7e5f3cc0069ffa4097cc22bc4d6ad3dd966a16 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
