MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05d181b162300144b6e2d15bbd8297bf5b3b668eec53a476920eb53c029780bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 05d181b162300144b6e2d15bbd8297bf5b3b668eec53a476920eb53c029780bf
SHA3-384 hash: 2b04d51b2b08cc9336bf245003f71a7801b7a2ce9960d6bd3175f6b7eb0e197bada96e4ebab81d79eda79eb1ba769d79
SHA1 hash: b8c1c9d4d8bdb877b2f39be7d2864c7c4d604539
MD5 hash: 291b19dcee6d8fead8a366fbc4eedf92
humanhash: whiskey-sixteen-uncle-salami
File name: ΠΙΣΤΩΤΙΚΟ ΣΗΜΕΙΩΜΑ__________________________________PDF...r00 (Greek: CREDIT NOTE)
Download: download sample
Signature: Loki
File size: 484'865 bytes
First seen: 2021-01-14 20:10:20 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:1Y80jXttUPuQ6EGhsH8QYdytHVj9Zj5mrVnTFlil1:e/btvscLsRd9mrVrK
TLSH: BFA423FAE59ED8D504B0B62DCA02A12BF7515FECA6C4954D21B4E3FB9309743480EC6B
Reporter: abuse_ch
Tags: geo GRC Loki r00


abuse_ch
Malspam distributing Loki:

HELO: submit01.uniweb.no
Sending IP: 5.249.227.132
From: Kamelia Stefovska <jesusm@grupobpi.com.mx>
Subject: ΤΙΜΟΛΟΓΙΟ ΠΙΣΤΩΤΙΚΟ ΣΗΜΕΙΩΜΑ (Greek: INVOICE CREDIT NOTE)
Attachment: ΠΙΣΤΩΤΙΚΟ ΣΗΜΕΙΩΜΑ__________________________________PDF...r00 (Greek: CREDIT NOTE; contains "ΠΙΣΤΩΤΙΚΟ ΣΗΜΕΙΩΜΑ__________________________________PDF...exe")

Loki C2:
http://becharnise.ir/fox/fre.php
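The indicators in the report above (sending host and IP, spoofed From: domain, the RAR volume named to look like a PDF, and the C2 URL) can be turned into a small triage script. The following is an added example, not code from MalwareBazaar or from the reporter. Only the indicator values are copied from the entry; the e-mail it parses is constructed from those headers (the receiving host mx.example.net, the Received hop and the RAR stub bytes are assumptions), and the proxy log lines are made up to exercise the C2 match.

```python
import base64
import hashlib
import re
from email import message_from_bytes
from email.header import Header
from email.utils import encode_rfc2231
from urllib.parse import urlsplit

# Indicator values copied from this MalwareBazaar entry.
SAMPLE_SHA256 = "05d181b162300144b6e2d15bbd8297bf5b3b668eec53a476920eb53c029780bf"
MALSPAM_HELO = "submit01.uniweb.no"
MALSPAM_IP = "5.249.227.132"
MALSPAM_FROM = "Kamelia Stefovska <jesusm@grupobpi.com.mx>"
MALSPAM_SUBJECT = "ΤΙΜΟΛΟΓΙΟ ΠΙΣΤΩΤΙΚΟ ΣΗΜΕΙΩΜΑ"
ATTACHMENT_NAME = "ΠΙΣΤΩΤΙΚΟ ΣΗΜΕΙΩΜΑ__________________________________PDF...r00"
LOKI_C2 = "http://becharnise.ir/fox/fre.php"
RAR_MAGIC = b"Rar!\x1a\x07"  # shared prefix of the RAR4 and RAR5 signatures

# Constructed proxy log lines (not real telemetry) to exercise the C2 match.
PROXY_LOG = [
    "2021-01-14T20:12:01Z 10.0.0.23 POST http://becharnise.ir/fox/fre.php 404 0",
    "2021-01-14T20:12:05Z 10.0.0.23 GET http://www.example.com/ 200 512",
    "2021-01-14T20:13:09Z 10.0.0.41 POST https://becharnise.ir/fox/fre.php 200 128",
]

def file_hashes(data: bytes) -> dict:
    """The four digests MalwareBazaar lists for a sample."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("sha256", "sha1", "md5", "sha3_384")}

def is_known_sample(data: bytes) -> bool:
    """Match on SHA256 only; MD5 and SHA1 are listed for legacy tooling, not for pivoting."""
    return file_hashes(data)["sha256"] == SAMPLE_SHA256

def attachment_findings(filename: str, data: bytes) -> list:
    """Flag the naming tricks and container type used by this campaign."""
    findings = []
    if re.search(r"\.r\d{2}$", filename, re.IGNORECASE):
        findings.append("rar-volume-extension")  # .r00 is a RAR volume; archivers still open it
    if re.search(r"pdf\.{2,}", filename, re.IGNORECASE):
        findings.append("decoy-pdf-in-name")  # "PDF..." placed just before the real extension
    if "_" * 10 in filename:
        findings.append("underscore-padding")  # pushes the real extension out of the visible name
    if data.startswith(RAR_MAGIC):
        findings.append("rar-magic")
    return findings

def build_sample_mail(attachment: bytes) -> bytes:
    """Constructed RFC 5322 message with the reported headers; receiving MX and hop are assumed."""
    subject = Header(MALSPAM_SUBJECT, "utf-8").encode(linesep="\r\n")
    boundary = "==triage=="
    return (
        f"Received: from {MALSPAM_HELO} ({MALSPAM_HELO} [{MALSPAM_IP}])\r\n"
        "\tby mx.example.net with ESMTP; Thu, 14 Jan 2021 20:10:20 +0000\r\n"
        f"From: {MALSPAM_FROM}\r\n"
        f"Subject: {subject}\r\n"
        f'Content-Type: multipart/mixed; boundary="{boundary}"\r\n\r\n'
        f"--{boundary}\r\n"
        "Content-Type: application/x-rar\r\n"
        "Content-Transfer-Encoding: base64\r\n"
        f"Content-Disposition: attachment; filename*={encode_rfc2231(ATTACHMENT_NAME, 'utf-8')}\r\n\r\n"
        f"{base64.b64encode(attachment).decode()}\r\n"
        f"--{boundary}--\r\n"
    ).encode("ascii")

def mail_findings(raw: bytes) -> list:
    """Triage a raw message against the reported sending host and attachment traits."""
    msg = message_from_bytes(raw)
    findings = []
    received = " ".join(msg.get_all("Received", []))
    hop = re.search(r"from\s+(\S+)\s+\([^)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]", received)
    if hop and hop.group(2) == MALSPAM_IP:
        findings.append("known-malspam-ip")
    from_domain = msg.get("From", "").rsplit("@", 1)[-1].strip("> ").lower()
    # A HELO name and a From: domain from unrelated organisations is typical of relayed malspam.
    if hop and from_domain and not hop.group(1).lower().endswith(from_domain):
        findings.append("helo-from-domain-mismatch")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings.extend(attachment_findings(name, part.get_payload(decode=True) or b""))
    return findings

def c2_hits(proxy_lines) -> list:
    """Lines whose requested URL is the reported Loki C2, matched on host and path regardless of scheme."""
    c2 = urlsplit(LOKI_C2)
    return [line for line in proxy_lines
            if any(urlsplit(t).netloc.lower() == c2.netloc and urlsplit(t).path == c2.path
                   for t in line.split())]

if __name__ == "__main__":
    rar_stub = b"Rar!\x1a\x07\x00" + b"\x00" * 64  # constructed stub, not the real archive
    print(file_hashes(rar_stub)["sha256"], is_known_sample(rar_stub))
    print(mail_findings(build_sample_mail(rar_stub)))
    print(c2_hits(PROXY_LOG))
```

The sample match is deliberately SHA256-only: the MD5 and SHA1 values are useful for looking the file up in older tooling, but a positive identification should rest on the collision-resistant digest. The C2 check ignores the scheme because the same host and path may appear over HTTPS in proxy logs even though the reported URL is plain HTTP.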

Intelligence


File Origin
# of uploads: 1
# of downloads: 163
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2021-01-14 20:11:17 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    r00 05d181b162300144b6e2d15bbd8297bf5b3b668eec53a476920eb53c029780bf (this sample)
      Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments