MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14918a1a2c89d9bcf2e71074c1c2ca68e5118470e205624ebe1a431656336ec4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 14918a1a2c89d9bcf2e71074c1c2ca68e5118470e205624ebe1a431656336ec4
SHA3-384 hash: 312f0b1f3d2fd6cfcd015f34e8ba622cf9b419a38a567942520c81a0a02e891e586076b2e0cc5064ccc83c5833d20d04
SHA1 hash: fb0518e729d310e9ea1eb090f967e4273b750391
MD5 hash: c9949a3a01226f2651449b56e6f049c6
humanhash: stream-spaghetti-snake-emma
File name: shipping_doc_pdf.arj
Signature: Loki
File size: 181'629 bytes
First seen: 2021-01-18 18:40:09 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 3072:oR0JRsN3psmD+IM3G04MYeygNP3ldrpeLcF3ibrTtXdfC5tztYYlW0dG37Xq9lNM:oRCeN5smO3HxYAP3AIF3alXk5tz40A3n
TLSH: DE041209EC32E7C6343FD9343992A6403491C6EFE1C5810B9260ADFF374CEB8966466D
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.technoreactor.ml
Sending IP: 193.142.59.160
From: West of England Insurance Services (Luxembourg) S.A. <Giorgia.Voltan@westpandi.com>
Subject: ::: Attn: Shipment//Docs **(CI, PL & BL)**
Attachment: shipping_doc_pdf.arj (contains "shipping_doc_pdf.exe")

Loki C2:
http://mannaton.com/zoro/zoro3/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 195
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Tnega
Status: Malicious
First seen: 2021-01-18 18:41:07 UTC
AV detection: 19 of 46 (41.30%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
arj 14918a1a2c89d9bcf2e71074c1c2ca68e5118470e205624ebe1a431656336ec4 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments