MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0aae09cf68e2cf637b0c02750a9d9fc37389f149db3f593a7503218f9babbd31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 0aae09cf68e2cf637b0c02750a9d9fc37389f149db3f593a7503218f9babbd31
SHA3-384 hash: 33dbcda827c1889ad35f53a84e5cc6346f979fb9bc8a472f6d20d614ca1d8392ac875ca15de95ef3f0536baf303dcf9d
SHA1 hash: 79a9f586086eef536579ab743dfee9fc0e64cff0
MD5 hash: 8fb282cbe033c48317bd2889dabe9853
humanhash: fillet-snake-sierra-indigo
File name: Wire confirmation.rar
Signature: Loki
File size: 353'087 bytes
First seen: 2020-07-29 05:39:10 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:Vtlxawx785toHlje/29ULEiYhtpGePU5INoH/HK0U/IulQP15GiLv3+hB:V9lE1LEiYhtpZM5IKfSIpPDGiDK
TLSH: 43742355C1E9E6B822E1671BA3701BDE66B7A95CA99C497E343CCFAD1427EC5C80CC20
Reporter: abuse_ch
Tags: Loki rar UPS


abuse_ch
Malspam distributing Loki:

HELO: www468.sakura.ne.jp
Sending IP: 59.106.13.108
From: Cindy Lopez<Cindy.Lop@aaglobalimports.com>
Reply-To: <Cindy.Lop@aaglobalimports.com>
Subject: RE: RE: RE:UPS Shipment 779945110T:**WIRE COFIRMATION
Attachment: Wire confirmation.rar (contains "Wire confirmation_pdf.exe")

Loki C2:
http://modevin.ga/~zadmin/lmark/gld/mode.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delikle
Status: Malicious
First seen: 2020-07-29 05:41:05 UTC
AV detection: 16 of 29 (55.17%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
rar 0aae09cf68e2cf637b0c02750a9d9fc37389f149db3f593a7503218f9babbd31 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments