MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0426bd2494d5dca8533201c9ecbaea6608b28f052c87baedba31e08d9ba4ad1d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 0426bd2494d5dca8533201c9ecbaea6608b28f052c87baedba31e08d9ba4ad1d
SHA3-384 hash: fcaba95d820f06c5396702d7f9277801b8ea5c12f3f89fc0af23b5c5a9e057c7ba45b21299ecc5d488d144c05994b4d0
SHA1 hash: 2e4435c12000f9e519610bd3f5580e057d1ea45f
MD5 hash: b9ac0d84ceae5ec947ee39fbbaab8216
humanhash: missouri-kitten-social-jersey
File name: swift-copy-pdf.arj
Signature: Loki
File size: 1,010,743 bytes
First seen: 2020-05-07 07:00:22 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:5oD5PvulmCFzSZ+5d75fxDU540cQjqVgnp+pPOWqp9e0GkXKmYBl:5E3S9S0v7xEncuDKt
TLSH: F825334213DE36B36687D9BC86AB3793DA80B6796132C13EA550C6C71A5703E752FB03
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing Loki:

HELO: srv-mail.mstu.edu.ru
Sending IP: 95.54.199.203
From: CHONGQING BISHAN ICBC RURAL BANK CO., LTD <sokolovaoa@mstu.edu.ru>
Subject: Successful Fund Transfer for PO # 7145670
Attachment: swift-copy-pdf.arj (contains "swift-copy-pdf.exe")

Loki C2:
http://oneflextiank.com/cola/five/fre.php
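
Added example, not part of the MalwareBazaar entry or of abuse_ch's report: a Python triage script that parses a constructed .eml reproducing the headers reported above (HELO name, sending IP, From, Subject, attachment name), matches them against the indicators on this page, hashes each attachment in the same MD5/SHA1/SHA256 form the entry lists, and classifies the attachment by its magic bytes rather than by extension. That last check matters here because the attachment is named .arj while the entry records the file type as zip; the ARJ (0x60 0xEA) and ZIP ("PK\x03\x04") signatures are standard, everything else in the script is an assumption. The recipient address, the Received header layout and the 32-byte ARJ-header stub standing in for the attachment are all constructed, so the stub's hashes do not match the entry and the script reports exactly that.

```python
import hashlib
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Indicators copied from the MalwareBazaar entry above.
IOC = {
    "helo": "srv-mail.mstu.edu.ru",
    "sending_ip": "95.54.199.203",
    "sender": "sokolovaoa@mstu.edu.ru",
    "attachment": "swift-copy-pdf.arj",
    "sha256": "0426bd2494d5dca8533201c9ecbaea6608b28f052c87baedba31e08d9ba4ad1d",
}

# Magic bytes: ARJ archives start with 0x60 0xEA, ZIP with "PK\x03\x04"
# ("PK\x05\x06" for an empty archive). Classifies an attachment
# independently of the file name it arrives with.
MAGIC = {b"\x60\xea": "arj", b"PK\x03\x04": "zip", b"PK\x05\x06": "zip"}

ARCHIVE_EXT = (".arj", ".zip", ".rar", ".7z", ".ace", ".iso", ".gz")


def sniff_type(data: bytes) -> str:
    """Classify by leading magic bytes; 'unknown' if none match."""
    for sig, name in MAGIC.items():
        if data.startswith(sig):
            return name
    return "unknown"


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the hex form MalwareBazaar lists them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def lure_name(filename: str) -> bool:
    """Heuristic (assumption): an archive whose name advertises a document
    type, e.g. 'swift-copy-pdf.arj', is a common malspam lure."""
    low = filename.lower()
    return low.endswith(ARCHIVE_EXT) and any(
        doc in low for doc in ("pdf", "doc", "xls", "invoice", "swift"))


def build_sample_message() -> bytes:
    """Constructed .eml reproducing the headers abuse_ch reported. The
    attachment is a fake 32-byte ARJ stub, NOT the real sample, so its
    hashes will not match the entry (and triage() should say so)."""
    msg = EmailMessage()
    msg["From"] = '"CHONGQING BISHAN ICBC RURAL BANK CO., LTD" <sokolovaoa@mstu.edu.ru>'
    msg["To"] = "accounts@example.com"                    # constructed
    msg["Subject"] = "Successful Fund Transfer for PO # 7145670"
    msg["Received"] = ("from srv-mail.mstu.edu.ru (srv-mail.mstu.edu.ru "
                       "[95.54.199.203]) by mx.example.com with ESMTP")
    msg.set_content("Please find attached the swift copy of your payment.")
    stub = b"\x60\xea" + b"\x00" * 30                     # ARJ header stub only
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="swift-copy-pdf.arj")
    return msg.as_bytes()


def triage(raw: bytes) -> dict:
    """Parse a raw message and report which page IOCs it matches."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    hits = set()
    attachments = []

    sender = msg["From"].addresses[0].addr_spec.lower() if msg["From"] else ""
    if sender == IOC["sender"]:
        hits.add("sender")

    # Check every hop; the earliest hop (last Received header) carries the
    # HELO name and connecting IP the sending MTA presented.
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"from\s+(\S+)", str(rcvd))
        if m and m.group(1).lower() == IOC["helo"]:
            hits.add("helo")
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(rcvd))
        if m and m.group(1) == IOC["sending_ip"]:
            hits.add("sending_ip")

    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        h = file_hashes(data)
        if name.lower() == IOC["attachment"]:
            hits.add("attachment")
        if h["sha256"] == IOC["sha256"]:
            hits.add("sha256")
        attachments.append({"name": name, "type": sniff_type(data),
                            "lure": lure_name(name), **h})

    return {"hits": sorted(hits), "attachments": attachments}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_message()), indent=2))
```

On the constructed message the script matches the sender, HELO, sending IP and attachment name, classifies the stub as arj by magic, flags the "pdf"-in-name lure, and leaves sha256 unmatched because the stub is not the real archive. Against a real .eml, feed `triage()` the raw bytes and treat a sha256 hit as the definitive link to this entry; header matches alone are weaker, since HELO and From are attacker-controlled.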

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-07 07:36:30 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 28 of 47 (59.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    zip 0426bd2494d5dca8533201c9ecbaea6608b28f052c87baedba31e08d9ba4ad1d (this sample)
      Dropping
        Loki

Delivery method: Distributed via e-mail attachment

Comments