MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0f01f01aca8829002e9a18b01c63bf7efbfc4b1cf6aba32733303e7e204c58d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: e0f01f01aca8829002e9a18b01c63bf7efbfc4b1cf6aba32733303e7e204c58d
SHA3-384 hash: 817a4da5bf0e6bdea1f3944e340f4499c6efbddc2c8c2fa35049b6d8c844a4f27c21b1398ac52e808af25f3fe8e17640
SHA1 hash: d4b6e24e613fb87cc430ce9af50e41198e28026e
MD5 hash: f8bdf24d80556a9325556d509be32452
humanhash: blue-skylark-arizona-artist
File name: scan 011001110.gz
Signature: Loki
File size: 348'759 bytes
First seen: 2020-05-15 09:31:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:ap/w/l0z/dP/L28blDy6p7U7fpaO9HuxUsELXCF0fIKPecYntA:A/wd0p19p7sBZ9AQ9PecutA
TLSH: 767423967DE1085BE0563DD6C5939BDBD6238A8B010ABC8E4C1F8DC61B79B408B7B4CD
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

From: Wouter Visschers <W.Visschers@cnc.nl>
Subject: FW: REQUEST SOA PAYMENT DETAILS APRIL 2020
Attachment: scan 011001110.gz (contains "S-19799C.exe")

Loki C2:
http://lmpulsefashion.net/three/gates2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-15 05:31:51 UTC
File Type: Binary (Archive)
Extracted files: 316
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip e0f01f01aca8829002e9a18b01c63bf7efbfc4b1cf6aba32733303e7e204c58d (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
