MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e5db9bb06d938cf34f813f9ef210778b37664e5e8dfe774ecf609b6f1b61996. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: Loki

Vendor detections: 3

SHA256 hash: 1e5db9bb06d938cf34f813f9ef210778b37664e5e8dfe774ecf609b6f1b61996
SHA3-384 hash: ab2bd5724700f92385b5fc05fcd524f506d8a8126d962cc15e931551fd07534d4ce0c019b879f6bdd348ffdd6b96f42c
SHA1 hash: dd2c8a48adb222e6767d13e8fcf5d1c82ad8235e
MD5 hash: 46768db37575a27aa796fffc8995dbe6
humanhash: jersey-nebraska-timing-july
File name: Scan Copy_pdf.gz
Signature: Loki
File size: 378'300 bytes
First seen: 2020-05-18 08:11:33 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:CFAkfWZmbZbRIT8NsbXG/Pr8Db3Bd8Zwu8wKpUyqplBGK0YyRgDdj/Uvokphk:F5eUGHIDLBmZhtK+plsK070/Wokphk
TLSH: A88423051B97F7648298C580CC0685FEF532323EC3DBB54ABA2162F16DF5EA2E27B514
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: vinalines-shipping.com
Sending IP: 217.61.107.95
From: YT, Kim<thuynt@vinalines-shipping.com>
Subject: 749_NEW INQUIRY FOR URGENT DELIVERY
Attachment: Scan Copy_pdf.gz (contains "Scan Copy_pdf.exe")

Loki C2:
http://missingandfound.com.my/limit/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-18 16:45:21 UTC
File Type: Binary (Archive)
Extracted files: 294
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: Loki
Sample: gz 1e5db9bb06d938cf34f813f9ef210778b37664e5e8dfe774ecf609b6f1b61996 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments