MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c30e76058f19229e87a34a609a1807d4b4e13c1c616b89924ec31fb1748e027f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 2

SHA256 hash: c30e76058f19229e87a34a609a1807d4b4e13c1c616b89924ec31fb1748e027f
SHA3-384 hash: 0cb6d777a03290b452f2bb2ecb6578caed364fd872889f2ed55420329ec30a2116e935e614bddf7f492306ee7e675129
SHA1 hash: 184acc6cfde201aec9fb790561bd29bf7aa6176c
MD5 hash: a4fdf010df2fa3fa0f712d5d8528ca06
humanhash: mountain-hotel-indigo-one
File name: PO Advise_pdf 1.gz
Signature: Loki
File size: 332'965 bytes
First seen: 2020-05-27 18:18:39 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:J6/RrvJlnp3M9hV+e90eKwMc9Yr5X+UD24VSlY7CItZshl3Im9+xhDynVrn18/Ye:4/jlpAhf0eKRc4X+82Nl4CITsb3jGynE
TLSH: 56642360FF9F856DDCF601A4B95F040D0A2C2462AFB2E2FD8E9D2E3305924319CD5A57
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: host.techno-genes.com
Sending IP: 109.203.100.244
From: KIFTS PVT LTD <info@techno-genes.com>
Subject: Re: PO Updated As Advised
Attachment: PO Advise_pdf 1.gz (contains "PO Advise_pdf.exe")

Loki C2:
http://admindepartment.ir/server/five/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-27 18:37:42 UTC
AV detection: 19 of 30 (63.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz c30e76058f19229e87a34a609a1807d4b4e13c1c616b89924ec31fb1748e027f (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments