MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0974f97a7e0cd9be3ecb4fd1d7d23110f13bc1b23fc959ae7bd732893cfec176. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0974f97a7e0cd9be3ecb4fd1d7d23110f13bc1b23fc959ae7bd732893cfec176
SHA3-384 hash: 1b014db8b5edc84da373d3cc1234a1f810a5a2f01df24496d04715f1c00a77c9700a90b1789704fdd76da37c9e5057b9
SHA1 hash: 0b09e996c00b0bfc5aa092c7cf423ac4e6323146
MD5 hash: 5194fbbf76bc0103680e2a9c734d6e8a
humanhash: venus-freddie-red-illinois
File name:BANK_TT_pdf.rar
Download: download sample
Signature Loki
Create hunting rule
File size:344'844 bytes
First seen:2020-11-19 08:08:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:f/zuCkskVDWQRD1ubYNcpQSc3jtbxvY5CHpspW5RvuEdXwX/i3Cjl/b:TuCPMDWSubYuQSwbxvACHGpGRvuEdAPB
TLSH 3E742378E00F0DFA942878B46316658B828D48C673F9F575052B5923C6732F3FACA4B9
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: omr23.orchid.atmailcloud.com
Sending IP: 13.251.146.0
From: Гульбайра Максуталиева <g.maksutalieva@intelmed.kg>
Subject: Transaction Notification : Success
Attachment: BANK_TT_pdf.rar (contains "BANK_TT_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0974f97a7e0cd9be3ecb4fd1d7d23110f13bc1b23fc959ae7bd732893cfec176/
Threat name:
Win32.Trojan.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 04:50:18 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bf2ps6t6btm34pwlj7i5purrcdytxqnsh7evtlt324zisph6yf3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/0974f97a7e0cd9be3ecb4fd1d7d23110f13bc1b23fc959ae7bd732893cfec176

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 0974f97a7e0cd9be3ecb4fd1d7d23110f13bc1b23fc959ae7bd732893cfec176

(this sample)

Loki

Executable exe 0857f0056e339aaf0ba904aa69f0ce9c5f383aeeda1486ff36f5c24adff0a077

  
Dropping
MD5 6d69a09df01d19ae92678159dd1c6545
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0857f0056e339aaf0ba904aa69f0ce9c5f383aeeda1486ff36f5c24adff0a077

Comments