MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d4451b7a4978ff5ce902f963f349a3da44fd0c561fedb62f939dea888e2c0614. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d4451b7a4978ff5ce902f963f349a3da44fd0c561fedb62f939dea888e2c0614
SHA3-384 hash: 50edd9a98b40a3e0e0617c7a869fd5513709fdb9dd33f3351c408433809e4a491b9e3b64c3e49a734e0f790b470a820e
SHA1 hash: ee4169b2c855bb10d771fdd4c1bc070f80f363e9
MD5 hash: 3968c41eb5803c12d25028b6e77f37f6
humanhash: illinois-potato-mexico-tennis
File name:SWIFT_MT103-PDF.zip
Download: download sample
Signature Loki
Create hunting rule
File size:383'223 bytes
First seen:2020-05-27 07:44:31 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:9Qd+Qtk7xUahHs0fgeSIfU/sS6Sn+kvoasKBIBasjlLXYQzXPnbzgyXTUF:6Vtk7thHZfgeSaBkvooINpL1Pg6TUF
TLSH 1484234317B09E338649F077A49333B8667AC81768F512B6D387BDD448DB33936A2A53
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: spfilter-1.sel01.mschosting.com
Sending IP: 110.4.41.64
From: Finance Team <shenshen@yapneon.com.my>
Subject: ADVANCE REMITTANCE OF FUNDS $74,000
Attachment: SWIFT_MT103-PDF.zip (contains "SWIFT_MT103-PDF.exe")

Loki C2:
http://kaleemimamig.com/amey/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Win32.Herz.B.8644.32604.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.24397.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 09:12:26 UTC
File Type:
Binary (Archive)
Extracted files:
265
AV detection:
20 of 47 (42.55%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip d4451b7a4978ff5ce902f963f349a3da44fd0c561fedb62f939dea888e2c0614

(this sample)

Loki

Executable exe caa2e60301253755864101e4e87e427842a0ba4f78f40e1bc330991b87775028

  
Dropping
MD5 e25d072e44df14b8c77ef2a6f79899a8
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 caa2e60301253755864101e4e87e427842a0ba4f78f40e1bc330991b87775028

Comments