MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed68f568c886825e55c8a4c07e1f147260d6c51ecab77b194c0a692e96f95b71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: ed68f568c886825e55c8a4c07e1f147260d6c51ecab77b194c0a692e96f95b71
SHA3-384 hash: 32485d8fa585c010c647ee231b5b7706b3fac506e433919f9e2e6eb87c34f0749f7c9be35bf0db72b7f2d2cc62702784
SHA1 hash: 91e61ebc30e08c50fc786fa046480ac197c800fa
MD5 hash: 63b7decd66f75b550e318630933b7c7b
humanhash: mike-zebra-king-fillet
File name: All docs&Agreements_pdf.arj
Download: download sample
Signature: Loki
File size: 390'148 bytes
First seen: 2020-04-16 12:21:12 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:zUDxglS0z3kHIlQdczxikZwlCDK5zTikmR+cOrVE4bvyl6cBk/JD1wj2byl7612J:ATHIlQezizmkHrVrUu/JDSayIGTn
TLSH: 1F84236FC330A76DBB65950EA8D9C3A81667DAC23315B0095FFFAD056FC8122697C930
Reporter: abuse_ch
Tags: arj COVID-19 Loki


abuse_ch
COVID-19 themed malspam distributing Loki:

HELO: slot0.bankofengland.biz
Sending IP: 45.148.120.167
From: Lukas Jonas(Imports) <service@bankofengland.biz>
Subject: About our order before Covid-19 (Check Availability of Goods)
Attachment: All docs&Agreements_pdf.arj (contains "All docs&Agreements_pdf.exe")

Loki C2:
http://capital-sd.com/jay/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-16 12:35:26 UTC
File Type: Binary (Archive)
Extracted files: 22
AV detection: 20 of 31 (64.52%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:

Malspam
  Loki
    arj ed68f568c886825e55c8a4c07e1f147260d6c51ecab77b194c0a692e96f95b71 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments