MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d2bc3ecb98a46b74d28f20e252997fd693db03e02d3120e7f11047ca639e7fa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3

SHA256 hash: d2bc3ecb98a46b74d28f20e252997fd693db03e02d3120e7f11047ca639e7fa3
SHA3-384 hash: 875f97ce419874b5c191226de539c1ef18a9bea7eaea0358b4cceff4e3808dfee28dc3ee0c39c3a253c5a4220e772f08
SHA1 hash: f3df0c64cc2d05136411489f851954361294f9e9
MD5 hash: 986647c39c968cf5fcc3d35c12ac9bfa
humanhash: red-yellow-kentucky-fourteen
File name: Swift copy.pdf.z
Signature: Loki
File size: 163'465 bytes
First seen: 2020-06-19 16:45:45 UTC
Last seen: 2020-06-20 06:46:50 UTC
File type: z
MIME type: application/x-rar
ssdeep: 3072:ncYDVNUnNwm3TkBN3Eelq4Gx+0w8LzS2UIEBSKJW+RoGVUU6bIajQHLsNqKA:cuGnNwGTiN3Eeld/H8LmzSiW+1mR7jQ/
TLSH: 45F312E1AFD7AEE0D8325D19292A01BFE2ED8F4D4E4A9743994A7ACD14EE5110373C90
Reporter: abuse_ch
Tags: Loki z


abuse_ch
Malspam distributing Loki:

HELO: sunshinespecialities.com
Sending IP: 37.48.85.217
From: Accounts<Frank@sunshinespecialities.com>
Subject: Balance Payment Confirmation (Swift copy)
Attachment: Swift copy.pdf.z (contains "Swift copy.pdf.exe")

Loki C2:
http://reiangkor.com/admin/lang/Panel/five/fre.php
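
As an added illustration of the delivery pattern in the comment above (an archive named "Swift copy.pdf.z" that is really RAR, carrying an executable disguised as a PDF), the Python script below is not part of the MalwareBazaar entry and not the reporter's code. It identifies the container from its leading bytes rather than its name, flags double extensions in the attachment and in the archive member names, and compares the attachment's digests with the hashes listed in this entry. The sample bytes are constructed (a RAR 5 signature plus filler), not the real file, so the hash comparison is expected to miss; the extension tables and the triage function are assumptions made for this example.

```python
import hashlib
from pathlib import PurePosixPath

# Digests copied from the MalwareBazaar entry for this sample.
KNOWN_HASHES = {
    "md5": "986647c39c968cf5fcc3d35c12ac9bfa",
    "sha1": "f3df0c64cc2d05136411489f851954361294f9e9",
    "sha256": "d2bc3ecb98a46b74d28f20e252997fd693db03e02d3120e7f11047ca639e7fa3",
    "sha3_384": "875f97ce419874b5c191226de539c1ef18a9bea7eaea0358b4cceff4e3808dfee28dc3ee0c39c3a253c5a4220e772f08",
}

# Leading bytes of the container formats this check understands.
# A genuine ".z"/".Z" file is compress(1) output (1f 9d); this sample is RAR.
MAGIC = {
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),  # RAR 4.x, RAR 5.x
    "zip": (b"PK\x03\x04",),
    "compress": (b"\x1f\x9d",),
    "gzip": (b"\x1f\x8b",),
}
# Container each declared extension should contain (assumed table for this example).
EXPECTED_BY_EXT = {".rar": "rar", ".zip": "zip", ".z": "compress", ".gz": "gzip"}

# Extensions a user reads as harmless, versus extensions that execute or unpack.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
ARCHIVE_EXTS = set(EXPECTED_BY_EXT) | {".7z", ".ace", ".arj", ".iso", ".img", ".cab"}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests MalwareBazaar lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def matches_known_sample(data: bytes) -> dict:
    """Per algorithm, whether the data hashes to the sample in this entry."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == KNOWN_HASHES[algo] for algo in KNOWN_HASHES}


def container_type(head: bytes) -> str:
    """Identify the container from its first bytes, ignoring the file name."""
    for kind, signatures in MAGIC.items():
        if head.startswith(signatures):
            return kind
    return "unknown"


def hides_real_type(name: str) -> bool:
    """True for double extensions such as 'Swift copy.pdf.exe' or 'Swift copy.pdf.z':
    the second-to-last suffix looks like a document, the last one executes or unpacks."""
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    return (len(suffixes) >= 2
            and suffixes[-2] in DOC_EXTS
            and suffixes[-1] in EXEC_EXTS | ARCHIVE_EXTS)


def triage_attachment(name: str, data: bytes, inner_names=()) -> list:
    """Collect findings for one attachment. inner_names are the member names an
    archive tool reports for it (the extraction itself is outside this example)."""
    findings = []
    kind = container_type(data[:8])
    ext = PurePosixPath(name).suffix.lower()
    if ext in EXPECTED_BY_EXT and kind != EXPECTED_BY_EXT[ext]:
        findings.append(f"extension {ext} declares {EXPECTED_BY_EXT[ext]} but content is {kind}")
    if hides_real_type(name):
        findings.append(f"double extension in attachment name {name!r}")
    for member in inner_names:
        if hides_real_type(member) or PurePosixPath(member).suffix.lower() in EXEC_EXTS:
            findings.append(f"archive member {member!r} is executable")
    for algo, hit in matches_known_sample(data).items():
        if hit:
            findings.append(f"{algo} matches known Loki sample")
    return findings


# Constructed stand-in for the attachment: a RAR 5 signature followed by filler.
# It is NOT the real sample, so the hash checks are expected to miss.
SAMPLE_NAME = "Swift copy.pdf.z"
SAMPLE_DATA = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 64
SAMPLE_MEMBERS = ("Swift copy.pdf.exe",)

if __name__ == "__main__":
    for finding in triage_attachment(SAMPLE_NAME, SAMPLE_DATA, SAMPLE_MEMBERS):
        print(finding)
```

Two points worth keeping in mind when reusing this. The name/content mismatch is itself the signal: a real ".z" would start with 1f 9d, while this attachment reports as application/x-rar, so a gateway that trusts the extension to pick a decompressor will not look inside it. And the listed hashes identify the archive exactly as it was mailed; the dropped "Swift copy.pdf.exe" has its own digests, which this entry does not list, so hash matching on the extracted member needs a separate indicator.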

Intelligence

File Origin
# of uploads: 3
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Agensla
Status: Malicious
First seen: 2020-06-19 15:41:35 UTC
File Type: Binary (Archive)
Extracted files: 6
AV detection: 19 of 31 (61.29%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    z d2bc3ecb98a46b74d28f20e252997fd693db03e02d3120e7f11047ca639e7fa3 (this sample)
      Dropping
        Loki

Delivery method: Distributed via e-mail attachment
