MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 067948fc7e38a18c3628e45a50ab51a6363f05f006afb8040e8f4ab7996eaa5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 067948fc7e38a18c3628e45a50ab51a6363f05f006afb8040e8f4ab7996eaa5d
SHA3-384 hash: 3e3b74969ec6fad0921222d910cb11cd82986cdef083983f6acb0b658024433dd19b164ed8f6e459053ab7167c1d85b3
SHA1 hash: 58becb11a16417b3e06c99641802af0f6a9bba83
MD5 hash: 85939d55055ca18a7bdd48360bb4cc0c
humanhash: nuts-paris-utah-london
File name:purchase order__pdf__.gz
Download: download sample
Signature Loki
Create hunting rule
File size:23'518 bytes
First seen:2020-05-12 09:18:53 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 384:iwTB1J0F/a4C7w7Ojpwz2e1cwk7PBCoLC/Xq0a3jrdb2X8cDYvH/rJmRJnhN5oRM:i+1JsRCKON1syYp4FCXVsvflmRoRwh
TLSH 2CB2E158A1D613A01837058A2E1D5EB07070F3D1BB67197E6CD61DD28AE7BDAE8E0C36
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mutluturyachting.com
Sending IP: 104.168.172.224
From: noyan@mutluturyachting.com
Reply-To: noyan@mutiuturyachting.com
Subject: Purchase order
Attachment: purchase order__pdf__.gz (contains "MTR9087DS.bat")

Loki C2:
http://illabalasco.us/ik/aba.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 09:36:28 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=az4ur7d6hcqyynri4rnfbk2ruy3d6bpqa2x3qbaor5flpglovjoq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 067948fc7e38a18c3628e45a50ab51a6363f05f006afb8040e8f4ab7996eaa5d

(this sample)

Loki

Executable exe 2cd6fffb63a9a7e9c8b6709904d69954c4818e64dcf7e3bd95eea2a7ae28cd81

  
Dropping
MD5 52c05a5967b04189b8df0d034c3bc558
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2cd6fffb63a9a7e9c8b6709904d69954c4818e64dcf7e3bd95eea2a7ae28cd81

Comments