MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1315fb032aeaa8d9fc112bfdbb4f94e9a0ce2c8b4371defbe7f9dab2dcff789c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki

Vendor detections: 4



SHA256 hash: 1315fb032aeaa8d9fc112bfdbb4f94e9a0ce2c8b4371defbe7f9dab2dcff789c
SHA3-384 hash: f7ce60bd7df0b3f9088e3e75a39586bc51a4628d1ef9270f186094b12bc89ee1afbd731348057659b5e828238a15b24b
SHA1 hash: 3edd9b3d1cea3616be82ccc846cbd9974a7d123f
MD5 hash: 9f3ccc4177b8859312f753082db110fc
humanhash: freddie-potato-thirteen-pluto
File name: PERMINTAAN PENAWARAN 13-08-2020·pdf.zip
Signature: Loki
File size: 382'010 bytes
First seen: 2020-08-13 09:06:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:HUlDncB5gCi6r4iETKdCYvDJI2CvLwBOY16x8LN1pkESMwzIA9OAGl3LQ2wzW/Pn:6toPE6jCEYG6xUIUKOzhdeW348IY
TLSH: 378423E11AF5B2DC5A507FBFD9504182BD8C6E8F84E2DBD6C53A1165BECA32013BA170
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: server1.asiadivers.com
Sending IP: 184.173.241.194
From: UNIVERSITAS GADJAH MADA <admin@ugm.ac.id>
Subject: PERMINTAAN PENAWARAN (UNIVERSITAS GADJAH MADA) ASI894/ID400
Attachment: PERMINTAAN PENAWARAN 13-08-2020·pdf.zip (contains "PERMINTAAN PENAWARAN 13-08-2020·pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php
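
Added triage example (not part of the MalwareBazaar entry or the reporter's comment above): a small Python script that checks an e-mail attachment for the delivery pattern described in the comment. It lists the zip members without fully inflating them, flags an executable hiding behind a decoy document extension (the attachment name on this page uses a middle dot, U+00B7, before `pdf`, so dot lookalikes are treated like dots), checks the first two bytes for a PE `MZ` header, compares the HELO host against the claimed From: domain, and matches the message against the IOCs listed on this page (zip SHA256, HELO, sending IP, C2 URL). The executable and decoy extension lists and the lookalike-dot set are assumptions chosen for the example; the zip it scans is a constructed stand-in built in memory, not the real sample.

```python
import hashlib
import io
import re
import zipfile

# IOCs copied from this MalwareBazaar entry.
IOC = {
    "sha256": "1315fb032aeaa8d9fc112bfdbb4f94e9a0ce2c8b4371defbe7f9dab2dcff789c",
    "helo": "server1.asiadivers.com",
    "sending_ip": "184.173.241.194",
    "c2_url": "http://195.69.140.147/.op/cr.php",
}

# Assumption: extension lists chosen for this example, not a MalwareBazaar rule set.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jse", "wsf"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt", "rtf"}
# ASCII dot plus characters that render like one: U+00B7 middle dot (used in the
# attachment name on this page), one-dot leader, hyphenation point, fullwidth stop.
DOT_LIKE = ".\u00b7\u2024\u2027\uff0e"
_SPLIT = re.compile("[" + re.escape(DOT_LIKE) + "]")


def name_findings(member_name):
    """Flag an executable member disguised with a decoy document extension."""
    parts = [p.lower() for p in _SPLIT.split(member_name)]
    findings = []
    if len(parts) >= 2 and parts[-1] in EXEC_EXTS:
        findings.append("executable extension ." + parts[-1])
        if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
            findings.append("decoy extension ." + parts[-2] + " before the real one")
    if any(c in member_name for c in DOT_LIKE[1:]):
        findings.append("dot lookalike character in file name")
    return findings


def scan_zip(zip_bytes):
    """Return {member name: [findings]} for every suspicious member.

    Only the first two bytes of each member are decompressed, so a large or
    zip-bombed archive is never fully inflated just to classify it.
    """
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings = name_findings(info.filename)
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    findings.append("PE header (MZ)")
            if findings:
                results[info.filename] = findings
    return results


def digests(data):
    """The four hash types MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def sender_mismatch(helo, from_addr):
    """True when the From: domain is neither the HELO host nor a parent of it.

    In the malspam above HELO is server1.asiadivers.com while From: claims
    ugm.ac.id; such a forged sender is a cheap first-pass signal.
    """
    from_domain = from_addr.rsplit("@", 1)[-1].strip(" >").lower()
    helo = helo.lower()
    return not (helo == from_domain or helo.endswith("." + from_domain))


def ioc_hits(zip_bytes, helo, sending_ip, body_urls):
    """Which of this entry's IOCs does the message match?"""
    hits = set()
    if digests(zip_bytes)["sha256"] == IOC["sha256"]:
        hits.add("sha256")
    if helo.lower() == IOC["helo"]:
        hits.add("helo")
    if sending_ip == IOC["sending_ip"]:
        hits.add("sending_ip")
    if IOC["c2_url"] in body_urls:
        hits.add("c2_url")
    return hits


def build_sample_zip():
    """Constructed stand-in for the attachment: one fake PE carrying the member
    name reported on this page plus a harmless text file. NOT the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("PERMINTAAN PENAWARAN 13-08-2020\u00b7pdf.exe", b"MZ" + b"\0" * 64)
        zf.writestr("readme.txt", b"harmless")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip()
    for member, why in scan_zip(sample).items():
        print(member, "->", "; ".join(why))
    print("forged sender:", sender_mismatch("server1.asiadivers.com",
                                            "UNIVERSITAS GADJAH MADA <admin@ugm.ac.id>"))
    print("IOC hits:", sorted(ioc_hits(sample, "server1.asiadivers.com",
                                       "184.173.241.194", [])))
```

Because the stand-in zip is constructed, its SHA256 will not match the entry; on a real mail-gateway quarantine the hash comparison is the one check that identifies this exact sample, while the name, `MZ` and HELO checks catch the next campaign that reuses the lure with a rebuilt payload.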

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-08-13 09:08:06 UTC
AV detection: 21 of 47 (44.68%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  -> Loki zip 1315fb032aeaa8d9fc112bfdbb4f94e9a0ce2c8b4371defbe7f9dab2dcff789c (this sample)
  -> Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments