MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ab26e8d8331d1b03920c2e48c513b237f7dcd72f5c41aae686da5266c99cff0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 1ab26e8d8331d1b03920c2e48c513b237f7dcd72f5c41aae686da5266c99cff0
SHA3-384 hash: c4b5c904971ccd31ac9935e983568ed8923a85f4e2175b001320791cc827c984ab1c72d5e08987f143c4ba8333d0aeb5
SHA1 hash: 1ffdb110ed22f6897a390e5551a4560a2e92b4ef
MD5 hash: 70ab3a298edc963db01c4dd24a077a73
humanhash: neptune-wyoming-east-four
File name: Wire.rar
Signature: Loki
File size: 206'245 bytes
First seen: 2020-10-21 08:59:31 UTC
Last seen: 2020-10-23 09:48:44 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 6144:WlbJlr6GnbMZfuvOPXqSLPpJ0GZ9VXJMWWtXRmR:49bmwOrpKY9VAB4R
TLSH: 99141298AB4BB9F47BAF30255080F22672157C552812F8AAD4AC33FF749FBE474A2415
Reporter: abuse_ch
Tags: BitRAT Loki rar RAT


abuse_ch
Malspam distributing Loki:

HELO: GUEST.home
Sending IP: 45.63.67.54
From: "MENUEL, Karine"<kmenu@kidilizgroup.com>
Reply-To: <kmenu@kidilizgroup.com>
Subject: AW: wire confirmation
Attachment: Wire.rar (contains "Wire.exe")

Loki C2:
http://crestmart.ga/main/l09/gld/mode.php

BitRAT payload URL:
http://seleccionibericos.com/modules/gsitemap/tpl/tl.exe

BitRAT C2:
45.147.231.65:3002
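Added example, not code from MalwareBazaar or from the reporter's post: a small Python script that turns the indicators listed in this entry (sending IP, sender address, attachment SHA256, Loki C2 URL, BitRAT payload URL and BitRAT C2 socket) into a detection pass over mail-gateway, web-proxy and firewall log lines, and checks a downloaded file against the entry's four digests. The log formats are hypothetical and every log line is constructed for the demonstration.

```python
"""Match the IOCs from this MalwareBazaar entry against log lines.

Added example, not part of MalwareBazaar or the reporter's post. The log
formats below are hypothetical and every log line is constructed.
"""
import hashlib
import re
from urllib.parse import urlparse

# IOCs copied from the entry and the reporter's comment above.
ENTRY_HASHES = {
    "sha256": "1ab26e8d8331d1b03920c2e48c513b237f7dcd72f5c41aae686da5266c99cff0",
    "sha3_384": "c4b5c904971ccd31ac9935e983568ed8923a85f4e2175b001320791cc827c984ab1c72d5e08987f143c4ba8333d0aeb5",
    "sha1": "1ffdb110ed22f6897a390e5551a4560a2e92b4ef",
    "md5": "70ab3a298edc963db01c4dd24a077a73",
}
SENDING_IP = "45.63.67.54"
SENDER = "kmenu@kidilizgroup.com"
C2_URLS = {
    "http://crestmart.ga/main/l09/gld/mode.php",                 # Loki C2
    "http://seleccionibericos.com/modules/gsitemap/tpl/tl.exe",  # BitRAT payload
}
C2_SOCKETS = {("45.147.231.65", 3002)}                           # BitRAT C2
C2_HOSTS = {urlparse(u).hostname for u in C2_URLS}

# Constructed sample logs (hypothetical formats, not real telemetry).
MAIL_LOG = """\
2020-10-21T09:02:11Z ip=45.63.67.54 helo=GUEST.home from=kmenu@kidilizgroup.com subj="AW: wire confirmation" attach=Wire.rar sha256=1ab26e8d8331d1b03920c2e48c513b237f7dcd72f5c41aae686da5266c99cff0
2020-10-21T09:05:40Z ip=203.0.113.9 helo=mx.example.net from=alice@example.net subj="lunch" attach=- sha256=-
"""
PROXY_LOG = """\
2020-10-21T09:10:02Z 10.0.0.15 GET http://seleccionibericos.com/modules/gsitemap/tpl/tl.exe 200
2020-10-21T09:10:09Z 10.0.0.15 POST http://crestmart.ga/main/l09/gld/mode.php 404
2020-10-21T09:10:15Z 10.0.0.15 GET http://crestmart.ga/favicon.ico 404
2020-10-21T09:11:30Z 10.0.0.22 GET http://www.example.org/index.html 200
"""
FIREWALL_LOG = """\
2020-10-21T09:12:00Z allow 10.0.0.15:51234 -> 45.147.231.65:3002 tcp
2020-10-21T09:12:05Z allow 10.0.0.22:51235 -> 93.184.216.34:443 tcp
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def scan_mail(log: str) -> list:
    """Return (sender, [matched indicators]) for each matching mail-log line."""
    hits = []
    for line in log.splitlines():
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        reasons = []
        if fields.get("ip") == SENDING_IP:
            reasons.append("sending IP")
        if fields.get("from") == SENDER:
            reasons.append("sender address")
        if fields.get("sha256") == ENTRY_HASHES["sha256"]:
            reasons.append("attachment SHA256")
        if reasons:
            hits.append((fields.get("from"), reasons))
    return hits


def scan_proxy(log: str) -> list:
    """Return (client, url, reason); an exact URL match outranks a host-only match."""
    hits = []
    for line in log.splitlines():
        _ts, client, _method, url, _status = line.split()
        if url in C2_URLS:
            hits.append((client, url, "C2/payload URL"))
        elif urlparse(url).hostname in C2_HOSTS:
            hits.append((client, url, "C2 host"))
    return hits


def scan_firewall(log: str) -> list:
    """Return (client, 'ip:port') for every flow to a listed C2 socket."""
    hits = []
    for line in log.splitlines():
        m = re.search(r"(\S+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)", line)
        if m and (m.group(2), int(m.group(3))) in C2_SOCKETS:
            hits.append((m.group(1), f"{m.group(2)}:{m.group(3)}"))
    return hits


def check_hashes(data: bytes) -> dict:
    """Compare a downloaded file's digests with the entry; every value must be True."""
    return {name: getattr(hashlib, name)(data).hexdigest() == digest
            for name, digest in ENTRY_HASHES.items()}


if __name__ == "__main__":
    for name, result in (("mail", scan_mail(MAIL_LOG)),
                         ("proxy", scan_proxy(PROXY_LOG)),
                         ("firewall", scan_firewall(FIREWALL_LOG))):
        print(name, result)
    print("hashes of an empty buffer:", check_hashes(b""))
```

The host-only proxy match is the noisy branch: a payload host may serve unrelated content as well, so weight the exact URL, the attachment hash and the BitRAT socket match higher when triaging. `check_hashes` is the post-download check: run it on the bytes you fetched and treat any `False` as a wrong or corrupted file before it goes anywhere near an analysis VM.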

Intelligence


File Origin
# of uploads: 2
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Tiggre
Status: Malicious
First seen: 2020-10-21 05:16:11 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
rar 1ab26e8d8331d1b03920c2e48c513b237f7dcd72f5c41aae686da5266c99cff0 (this sample)
  Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments