MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f248c69dc56121e3775315ce3d0e01f6dcacd0b0a0a0a4a368a236dc486265df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: f248c69dc56121e3775315ce3d0e01f6dcacd0b0a0a0a4a368a236dc486265df
SHA3-384 hash: 30de08ca1d0633a10ae3a10659e2b279d1de9bad944709b7cbe396974c77c431c1b5b79177491ae1c876ea57b1175107
SHA1 hash: 58fbd03010dda8083c7a5fcc45242ee52b57d555
MD5 hash: 19dc5347bd588f7a88626ef6769f32b1
humanhash: may-eight-blossom-pizza
File name: Statement March - April 2020_pdf.gz
Signature: Loki
File size: 427'796 bytes
First seen: 2020-04-29 17:50:17 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:iwMp8MzrCyGYxpSoGfJ45Rkkk9yLlUErc63AVXGLfZPwYMJykgkpC4fsHW8iDEN:itrCax+45RkkkA3EeSZc4t8/N
TLSH: D1942398E4493E02D19E252822CBFC2D3364F7F41988DF5166D63E6D19AED33C91FA09
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.saberindo.co.id
Sending IP: 103.253.68.133
From: Viet Sun Global Co., Ltd. <Finance@vietunglobal.com>
Subject: MARCH + APRIL SOA/BAL.
Attachment: Statement March - April 2020_pdf.gz (contains "scan100228396218.exe")

Loki C2:
http://rnarport.com/dull/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-29 03:24:43 UTC
File Type: Binary (Archive)
Extracted files: 40
AV detection: 24 of 30 (80.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip f248c69dc56121e3775315ce3d0e01f6dcacd0b0a0a0a4a368a236dc486265df (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
