MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 034dce34a3ae7dcbbbbd2798595e9e9b530645ac8f59fba704a129cecbebfcdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 034dce34a3ae7dcbbbbd2798595e9e9b530645ac8f59fba704a129cecbebfcdf
SHA3-384 hash: 328bdb9827e889d6337f0fa195c6133a8e9f6fab4960c185899704d89aba8346c9798509328c419ab78ffba55376ccde
SHA1 hash: 17928ae5613da9b45874b8c785f4a711bca9d50d
MD5 hash: be0993cfeb6245de7a533466833f84da
humanhash: avocado-robin-early-failed
File name:PO9563_ATMAN SOLUTIONS PVT. LTD.arj
Download: download sample
Signature Loki
Create hunting rule
File size:320'082 bytes
First seen:2020-10-19 10:40:33 UTC
Last seen:Never
File type: arj
MIME type:application/x-rar
ssdeep 6144:flfxualBlXlKZCUskMEuY69uspwUgVPDNkD4Ij79EI//DVvfKcp:fHljXlKZCJkd69bCUgVPNIHy8vfKk
TLSH EB64239B6942215DF34B6D7C1C19207B3CC9E326D62CB57975F9329B4A0123EA2CCACD
Reporter abuse_ch
Tags:arj Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: atmansol.com
Sending IP: 192.236.146.195
From: sales@atmansol.com
Subject: RE: URGENT PURCHASE ORDER
Attachment: PO9563_ATMAN SOLUTIONS PVT. LTD.arj (contains "PO#9563_ATMAN SOLUTIONS PVT. LTD.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27363.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/034dce34a3ae7dcbbbbd2798595e9e9b530645ac8f59fba704a129cecbebfcdf/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 07:29:10 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ang44nfdvz64xo55e6mfsxu6tnjqmrnmr5m7xjyeueu45s7l7tpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/034dce34a3ae7dcbbbbd2798595e9e9b530645ac8f59fba704a129cecbebfcdf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

arj 034dce34a3ae7dcbbbbd2798595e9e9b530645ac8f59fba704a129cecbebfcdf

(this sample)

Loki

Executable exe 53714c1699ec39b66716ebc64aac28f2474736e34dc1bbe50e95796cedc06434

  
Dropping
MD5 2621bc205daa16b628e1c4be13efee20
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 53714c1699ec39b66716ebc64aac28f2474736e34dc1bbe50e95796cedc06434

Comments