MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d14dc560254bac92bf251a38f4c35befa50e220a2527e65bfff73c9e26d3db8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0d14dc560254bac92bf251a38f4c35befa50e220a2527e65bfff73c9e26d3db8
SHA3-384 hash: 1761cf9ecce2266417f416c9ce066416dba87a45009de492db2c62e2ebb9179084cdca7ac84c29fac51f181a5e0ac981
SHA1 hash: a5d5d916a1d00147c941adfa667c9fb7ea67aec8
MD5 hash: 8b8fb36315a59830551a530e15027cf9
humanhash: queen-india-march-virginia
File name:VSL_MT LOYALTY_pdf.xz
Download: download sample
Signature Loki
Create hunting rule
File size:154'459 bytes
First seen:2021-03-30 11:11:36 UTC
Last seen:2021-03-31 05:29:02 UTC
File type: xz
MIME type:application/x-rar
ssdeep 3072:QnkfwoiDkQ7zIU7GaiUuQmkbIcJ2LPyU1Fy5ykWgx609EhDqMo9Ooq87Nk:ak4ookwGH0mjWU1w0kWh2kP87Nk
TLSH F3E312D686AF4DBC89A33F21EE6C566F3BF6049131456C1178AF2812077679D4BB2C06
Reporter fabjer
Tags:xz

Intelligence

File Origin
# of uploads :
2
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0d14dc560254bac92bf251a38f4c35befa50e220a2527e65bfff73c9e26d3db8/
Threat name:
Win32.Trojan.ZmutzyPong
Create hunting rule
Status:
Malicious
First seen:
2021-03-30 11:12:08 UTC
AV detection:
7 of 48 (14.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=buknyvqcks5msk7skgry6tbvx35fbyraujjh4zn775z4tytnhw4a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0d14dc560254bac92bf251a38f4c35befa50e220a2527e65bfff73c9e26d3db8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

xz 0d14dc560254bac92bf251a38f4c35befa50e220a2527e65bfff73c9e26d3db8

(this sample)

Loki

Executable exe ba27cd1ecbbe8b1f445884fd3348660486f902b2e215b63b980bcad56efe5608

  
Dropping
SHA256 ba27cd1ecbbe8b1f445884fd3348660486f902b2e215b63b980bcad56efe5608
  
Delivery method
Distributed via e-mail attachment

Comments