MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11abee751c90b2137b009aa0a2f25ed3b002167f3eb9ad1c4059717c4e1e5fd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 11abee751c90b2137b009aa0a2f25ed3b002167f3eb9ad1c4059717c4e1e5fd9
SHA3-384 hash: b445878c7898394d0bd99fb7625d163e57a6ffc682e938fc9c20fa3732384de7f916f5dfbbc80a0d9bed838838f035f3
SHA1 hash: 2ded325ef1a8db31085cc34438a4f391c13561e9
MD5 hash: b8062f0265a079630546df74ad3e8f3b
humanhash: aspen-nineteen-victor-seven
File name: paymentslip80893_2020_pdf.gz
Signature: Loki
File size: 363'967 bytes
First seen: 2020-06-09 06:29:55 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:RP222MQGVxLsQKUAjiT6z9BZR+jM7AWAQZVdpVrYXUrmqxYvIiyBVduDsbR3NT:d2gQGVxSsy9F+6dZXpV8XG7YqcgbR3R
TLSH: 177423F508D72285FF0825128BB6277958E1FD364ACFEE5316A2C886D941EF4B1039ED
Reporter: abuse_ch
Tags: gz HSBC Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.alrytechem.cf
Sending IP: 94.100.28.228
From: HSBC Advising Service <advising.service.69637848.2896140920@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[G30482652755] / Priority payment / Customer Ref:[4400037369].
Attachment: paymentslip80893_2020_pdf.gz (contains "paymentslip80893_2020_pdf.exe")

Loki C2:
http://fuscon.ga/L3/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-06-09 06:31:04 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 11abee751c90b2137b009aa0a2f25ed3b002167f3eb9ad1c4059717c4e1e5fd9 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
