MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 604d58dd6d964ba832a934d382053c2690d37119d6884a0dbcfd575c7331e295. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 2



SHA256 hash: 604d58dd6d964ba832a934d382053c2690d37119d6884a0dbcfd575c7331e295
SHA3-384 hash: 1260f5af8c861b6b2bf1630942b1a9b4f52f55896b31b399039912def7d7c198019ec6998c51b3d8da9fbd631bef4a1b
SHA1 hash: 19f276ed94d1ffa2673a734bc96a7aedca514f7d
MD5 hash: 351356d9607a540e7b67fa5d5c0d1594
humanhash: pizza-triple-delta-magazine
File name: product specification_PDF.gz
Signature: Loki
File size: 337'846 bytes
First seen: 2020-05-25 18:04:31 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:xI5it5IcSBQ493pjqixg/BPx/xc6McHmEcMKIlFiTzR1A1edk3lQ:xKituLBt8C0xcJcHmVMpiB1TkVQ
TLSH: 037423ADD1E5F97342E17F87DB1EC8CC8129D67E1C08B7A36E5C4384C66AF6A0D21252
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: mpolo.hostsoln.com
Sending IP: 101.100.209.17
From: Alt Marcel <m.alt@munzing.com>
Reply-To: Alt Marcel <ricknicolas.aol@hotmail.com>
Subject: REQUEST FOR QUOTATION
Attachment: product specification_PDF.gz (contains "product specification_PDF.exe")

Loki C2:
http://missingandfound.com.my/pull/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-25 18:35:35 UTC
File Type: Binary (Archive)
Extracted files: 296
AV detection: 31 of 48 (64.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 604d58dd6d964ba832a934d382053c2690d37119d6884a0dbcfd575c7331e295 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments