MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ebdca7db219f68c5695863e42ab33daf87b6c41deb8a314a99cce2a5e2a697e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 0ebdca7db219f68c5695863e42ab33daf87b6c41deb8a314a99cce2a5e2a697e
SHA3-384 hash: 9b5306a27ebf47f139a7d93932f9eb719537ba390d3b8001aeebf5af5095210e47a0317a019a40caa58ed6781893a697
SHA1 hash: 930bf3b28c4587196c67fda2cd7efa0f754c852d
MD5 hash: b915348fd6d528dcaa2da54e1523e0ad
humanhash: stream-lithium-magazine-potato
File name: INV20202906PO195.img
Signature: Loki
File size: 333'824 bytes
First seen: 2020-06-29 07:37:20 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:kPCganNBbpUhxMMUTOcLAJsaPdKFNCkBNq1F70VA4adn92cVP/g:SanHb+MMwOcLw3dKFNC0Y1FvPdn7P
TLSH: 8764122973A0DDE3DA540A702F728D771BF746950094AB43A3882E9CAF6B5D3412F793
Reporter: abuse_ch
Tags: COVID-19 img Loki


abuse_ch
Malspam distributing Loki:

HELO: ecs-b68dM.localdomain
Sending IP: 102.38.254.72
From: Majid Jami <majid.jami@parsbehdasht.com>
Subject: COVID-19-Order-june-29-06-20-Quote
Attachment: INV20202906PO195.img (contains "frega.exe")

Loki C2:
http://egamcorps.ga/~zadmin/lmark/frega/mode.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Swotter
Status: Malicious
First seen: 2020-06-29 07:39:04 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

img 0ebdca7db219f68c5695863e42ab33daf87b6c41deb8a314a99cce2a5e2a697e

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
