MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15f0e0317a70ede9577a5544eb3363ba8971aa09e4a744932a6500f08ac1f917. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15f0e0317a70ede9577a5544eb3363ba8971aa09e4a744932a6500f08ac1f917
SHA3-384 hash: a0b200c2aa286f3895ee70f30f5131a8fc07fb2950dea5b102500a7b41e1e73566f8ffbcc886c2db6d11ad8acd861375
SHA1 hash: bfb69545d4e3c573d66282f5edc7b72b8dfcaaa4
MD5 hash: 68f07e634f1e78943496ebfb370b1f31
humanhash: edward-eleven-south-bravo
File name:Nuevo pedido 8974___pdf.7z
Download: download sample
Signature Loki
Create hunting rule
File size:437'736 bytes
First seen:2020-07-09 06:33:09 UTC
Last seen:Never
File type: 7z
MIME type:application/x-rar
ssdeep 12288:aOFTWYtagPQMvtFOAYp0KZyGbuhotNA80koX6baMxAl:aGvagPT5Yp0KUGbMokJkIa3Al
TLSH 73942333F21ED7D05EACC63A2BFD291B1A15F29D2BEADE465715B180F4CC532992081D
Reporter abuse_ch
Tags:7z CHL geo Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mee.cl
Sending IP: 95.211.208.25
From: miguel muñoz <contacto@mee.cl>
Subject: Nuevo pedido de suministro
Attachment: Nuevo pedido 8974___pdf.7z (contains "Nuevo pedido 8974___pdf.exe")

Loki C2:
http://boeschboddenspies.com/server/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15f0e0317a70ede9577a5544eb3363ba8971aa09e4a744932a6500f08ac1f917/
Threat name:
ByteCode-MSIL.Backdoor.Remcos
Create hunting rule
Status:
Malicious
First seen:
2020-07-09 06:35:05 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cxyoaml2odw6sv32kvcowm3dxkexdkqj4stujezkmuapbcwb7elq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

7z 15f0e0317a70ede9577a5544eb3363ba8971aa09e4a744932a6500f08ac1f917

(this sample)

Loki

Executable exe bec49428d91505adca491651a2376e3d90e33091dad7c2b63a7db472d2a28e57

  
Dropping
MD5 c16e0d68c8eaf8a146ac8ac23c643c73
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bec49428d91505adca491651a2376e3d90e33091dad7c2b63a7db472d2a28e57

Comments