MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10ebf8a1a310fe3c1ef4aba318205ce6f75d4321b3609334ad9f29e8c18fcfed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3

SHA256 hash: 10ebf8a1a310fe3c1ef4aba318205ce6f75d4321b3609334ad9f29e8c18fcfed
SHA3-384 hash: c25bb7525edf26d6efc66cdbbdf430c8ac41140c9e638f0ffad76fb7d9073aff6be214043f609172d5696183586beedf
SHA1 hash: c312667769711fe4275dbcb8374d2a32b088cf57
MD5 hash: 3cf33a003fc0d81aaa502e3e10a2c5b5
humanhash: stairway-hydrogen-romeo-november
File name: BalES001_20204060041.PDF.gz
Signature: Loki
File size: 377'716 bytes
First seen: 2020-10-23 06:59:07 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:pamt1Y/YHARMOlxzXmgQI5BgFb4NojhnR7WowF7DPsrqDmIiGXG92bADn5zRl7GG:s4PqMi+I5eFkS0owFv4IiG292k1zRL3
TLSH: FA8423C26AC4B10D22E0E9F79B41CCA5C4729040FB6DE1970FD978916838B1B5B9D8EE
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: server.tuguhotels.com
Sending IP: 103.219.251.235
From: Mandiri Banking Financial (Persero) <saigonsan@tuguhotels.com>
Subject: Data Saldo Balance ❗️❗️❗️
Attachment: BalES001_20204060041.PDF.gz (contains "BalES001_20204060041.PDF.exe")
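
The lure above relies on a .gz wrapper whose stored member is a PE with a double extension (".PDF.exe"). The following is an added example, not code from MalwareBazaar or from the reporter, that reads the member name straight out of the gzip header (the RFC 1952 FNAME field) rather than trusting the outer attachment name, decompresses the member to test for an "MZ" header, and flags the document-then-executable extension pattern. The archives it operates on are constructed inline with a fake "MZ" stub (no real malware), and the extension lists are assumptions for illustration.

```python
"""Added example (not from the MalwareBazaar entry): inspect a .gz e-mail
attachment the way this Loki lure is built (outer name *.PDF.gz, stored
member *.PDF.exe).  The gzip header is parsed by hand per RFC 1952 so the
stored member name is read without trusting the outer filename; the payload
is then decompressed to check for a PE ("MZ") header.  All sample archives
below are constructed here with a fake "MZ" stub, not real malware."""
import gzip
import io
import struct
from pathlib import PurePosixPath

# RFC 1952 FLG bits that decide where the FNAME field starts.
FEXTRA = 0x04
FNAME = 0x08

# Assumed extension lists for the double-extension heuristic.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def gzip_member_name(data: bytes):
    """Return the member filename stored in the gzip header (FNAME), or None."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip/deflate stream")
    flags = data[3]
    pos = 10                          # ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & FEXTRA:                # skip optional extra field: XLEN + payload
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = data.index(b"\x00", pos)    # FNAME is a zero-terminated Latin-1 string
    return data[pos:end].decode("latin-1")


def classify_attachment(outer_name: str, data: bytes) -> dict:
    """Verdict for one gzip attachment: stored name, PE check, double-extension lure."""
    inner = gzip_member_name(data)
    payload = gzip.decompress(data)
    is_pe = payload[:2] == b"MZ"
    name = inner if inner is not None else outer_name   # fall back to the outer name
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    real_ext = suffixes[-1] if suffixes else ""
    decoy_ext = suffixes[-2] if len(suffixes) >= 2 else ""
    double_ext = real_ext in EXECUTABLE_EXTS and decoy_ext in DOCUMENT_EXTS
    return {
        "outer_name": outer_name,
        "inner_name": inner,
        "is_pe": is_pe,
        "double_extension_lure": double_ext,
        "suspicious": is_pe or real_ext in EXECUTABLE_EXTS or double_ext,
    }


def build_gzip(member_name: str, payload: bytes) -> bytes:
    """Constructed test input: gzip `payload` with `member_name` in the FNAME field."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=member_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


# Constructed samples: names mirror the lure on this page, contents are fake stubs.
LURE_GZ = build_gzip("BalES001_20204060041.PDF.exe", b"MZ" + b"\x90" * 62 + b"PE\x00\x00")
BENIGN_GZ = build_gzip("report.pdf", b"%PDF-1.4\n%...\n")
NONAME_GZ = gzip.compress(b"MZ" + b"\x00" * 64, mtime=0)   # header carries no FNAME


if __name__ == "__main__":
    for outer, blob in [("BalES001_20204060041.PDF.gz", LURE_GZ),
                        ("report.pdf.gz", BENIGN_GZ),
                        ("invoice.PDF.gz", NONAME_GZ)]:
        print(classify_attachment(outer, blob))
```

The header is parsed manually because the stored name is what the recipient sees after extraction; a sender can make the outer name and the FNAME disagree, so a gateway rule keyed only on the attachment filename misses the ".PDF.exe" member. When FNAME is absent the outer name is used, and the "MZ" check still catches an executable hidden behind a document-looking wrapper.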

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokibotCrypt
Status: Malicious
First seen: 2020-10-23 04:35:49 UTC
AV detection: 14 of 47 (29.79%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz 10ebf8a1a310fe3c1ef4aba318205ce6f75d4321b3609334ad9f29e8c18fcfed (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
