MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e757cfaa6ca55806f026087892e419a2c6ce4d1334e87b5ecf5831e84203ca3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 1e757cfaa6ca55806f026087892e419a2c6ce4d1334e87b5ecf5831e84203ca3
SHA3-384 hash: 8ffd0402cea735601c19c199e9e45fb6c716300ce9613a265a118db8bf2c3af2c288a6018d697b46351f4536de40bc21
SHA1 hash: 61b84628edbae6855f7cb7e6af7d55313801f473
MD5 hash: e62de50c68470f961040f7e8bef026fb
humanhash: glucose-winner-edward-salami
File name: CORONAVIRUS COVID-19 BUSINESS TRANSACTION NOTICE DOCUMENT_pdf.arj
Signature: Loki
File size: 1'506'160 bytes
First seen: 2020-05-06 10:05:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 24576:NVgaLIfN2lDe7HHFrY678fQMGaF71KVFUmyCiAAGAJmCcbHQwfMcYH:NbWN2Ze7HHFrX7c1F7s8KiAfRCmHQwhG
TLSH 926533EC316CC725A5FE160BD1331EC201D2BD96E589C4D316EC5E63396AC94A8837EB
Reporter: abuse_ch
Tags: arj, COVID-19, Loki


abuse_ch
Malspam distributing Loki:

HELO: s1.smallhost.in
Sending IP: 103.46.239.70
From: CENTER FOR DISEASE CONTROL & MANAGEMENT <HeungJung@cahayapack.com.my>
Subject: UPDATE // BUSINESS CONTINUITY PLAN ANNOUNCEMENT FOR COVID-19 STARTING\x0a MAY 2020.
Attachment: CORONAVIRUS COVID-19 BUSINESS TRANSACTION NOTICE DOCUMENT_pdf.arj (contains "CORONAVIRUS COVID-19 BUSINESS TRANSACTION NOTICE DOCUMENT_pdf.exe")

Loki C2:
http://beesco.net/second/chief3/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Aitinject
Status: Malicious
First seen: 2020-05-06 10:36:35 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 28 of 48 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 1e757cfaa6ca55806f026087892e419a2c6ce4d1334e87b5ecf5831e84203ca3

(this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
