MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0fa4b4fd35693466dbf6ace1883846552f6497f65a4d7bc6ebf22b15819e778. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: d0fa4b4fd35693466dbf6ace1883846552f6497f65a4d7bc6ebf22b15819e778
SHA3-384 hash: 2c50603d56f5416de8fc0f6db76b70a10469def19a380d49874b7317df851b17509889d342fb275a583fee2102d929bd
SHA1 hash: fa35b58680d1cd257d472e4a2fc00206898c642c
MD5 hash: 42fdcd215a9d37dbddfc2a4e6a40b6b5
humanhash: low-aspen-east-nineteen
File name: INV20-0233 SPEEDTECH.pdf.arj
Signature: Loki
File size: 1'040'147 bytes
First seen: 2020-04-24 14:11:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:WQy34BaeTNaYTV2Y9fEZZutugfJGk8xYzF+5P/ATHCVld6V59nx:WF34YIE/afE2hfwkMQ+5HATHCVld2H
TLSH: 31253360B882EE8566C7BDD897AE51F0FF5017E962C66B1F3E3D1E0D1043B78127425A
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: hosting1.beeline.am
Sending IP: 212.73.86.34
From: marine.parsadanyan@spm.am
Subject: RE: UPDATED STATEMENT AS ON 24/04/2020
Attachment: INV20-0233 SPEEDTECH.pdf.arj (contains "over-due-payment-pdf.exe")

Loki C2:
http://alforcargo.com/clean/five/fre.php
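
The attachment in the report above is named as a PDF inside an ARJ archive, yet the entry types the file as zip (MIME application/zip), and the reporter notes that the archive holds "over-due-payment-pdf.exe". The following Python script is an added triage example, not code from MalwareBazaar or from the reporter: it identifies the container by magic bytes instead of trusting the extension, computes the same four digests the entry lists so a downloaded copy can be matched against them, and flags archive members that carry a PE header or hide an executable extension behind a document keyword. The zip it builds is a constructed stand-in that reuses only the member name quoted in the report; the real sample's member bytes are not on this page, so the stand-in's hashes will not match the entry. Function names and the keyword lists are this example's own choices.

```python
import hashlib
import io
import re
import zipfile

# Container signatures, checked on bytes rather than on the file name. The entry
# lists an ".arj"-named attachment whose file type and MIME type are zip, so the
# declared extension is treated as untrusted input. (Assumed set of formats.)
MAGIC = {
    b"PK\x03\x04": "zip",
    b"\x60\xea": "arj",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "dll", "bat", "cmd", "js", "vbs", "jse", "vbe"}
DOCUMENT_WORDS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "rtf"}


def container_type(data: bytes) -> str:
    """Identify the archive container from its leading bytes; 'unknown' if none match."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def file_hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists, so a local copy can be matched to the entry."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def split_name(name: str):
    """Return (stem, extension) of the last path component, lower-cased, extension without the dot."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
    stem, dot, ext = base.rpartition(".")
    return (stem, ext) if dot else (base, "")


def document_lure(name: str) -> bool:
    """True when an executable extension sits behind a document keyword,
    e.g. 'over-due-payment-pdf.exe' or 'invoice.pdf.exe'."""
    stem, ext = split_name(name)
    if ext not in EXECUTABLE_EXTS:
        return False
    tokens = re.split(r"[.\-_ ]+", stem)
    return any(t in DOCUMENT_WORDS for t in tokens)


def triage(attachment_name: str, data: bytes) -> dict:
    """Triage one e-mail attachment: true container, hashes, and per-member flags."""
    _, declared_ext = split_name(attachment_name)
    container = container_type(data)
    report = {
        "attachment": attachment_name,
        "declared_extension": declared_ext,
        "container": container,
        # An .arj name on a zip body, as in this entry, is itself an indicator.
        "extension_mismatch": container != "unknown" and container != declared_ext,
        "hashes": file_hashes(data),
        "members": [],
    }
    if container == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                with zf.open(info) as member:
                    head = member.read(2)  # only the magic is needed; never inflate the whole member
                _, ext = split_name(info.filename)
                report["members"].append({
                    "name": info.filename,
                    "size": info.file_size,
                    "is_pe": head == b"MZ",
                    "executable_ext": ext in EXECUTABLE_EXTS,
                    "document_lure": document_lure(info.filename),
                })
    flagged = any(m["is_pe"] or m["executable_ext"] for m in report["members"])
    report["verdict"] = "suspicious" if report["extension_mismatch"] or flagged else "no findings"
    return report


def build_sample() -> bytes:
    """Constructed stand-in for the attachment: a zip holding a fake MZ-headed file
    with the member name the reporter quoted. This is NOT the real sample; its
    bytes and hashes do not match the entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("over-due-payment-pdf.exe", b"MZ" + b"\x00" * 62 + b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    result = triage("INV20-0233 SPEEDTECH.pdf.arj", build_sample())
    print(result["verdict"], result["container"], result["declared_extension"])
    for m in result["members"]:
        print(m)
```

For a genuine ARJ body the script only reports the container type, since the standard library has no ARJ reader; members are listed for zip bodies only, and each member is read just far enough to see its magic so an oversized or nested archive is never fully inflated. Run it on the real sample only inside an isolated analysis environment.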

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Androm
Status: Malicious
First seen: 2020-04-24 13:44:57 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 23 of 31 (74.19%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  zip d0fa4b4fd35693466dbf6ace1883846552f6497f65a4d7bc6ebf22b15819e778 (this sample)
  Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments