MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 22aa35e037bac83ff1e684867405f667077ce9b6619c6402209e3d094352ecf9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3

SHA256 hash: 22aa35e037bac83ff1e684867405f667077ce9b6619c6402209e3d094352ecf9
SHA3-384 hash: 3e713c7e293d0e35f67e904d2074f1bb48efef1b9a516f373fbeca19ff182fe2c9a976547918f5866c929fe025b61ada
SHA1 hash: dc5c33afb4265cc92c6bc820741d6d8dc530da76
MD5 hash: 297bc9863643b228a150a13bfc0fad57
humanhash: coffee-william-salami-missouri
File name: Someco International RFQ,pdf.zip
Signature: Loki
File size: 359'960 bytes
First seen: 2020-06-03 10:27:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:D0ioa1Q/lD4o2+cQvu4RxNgMutOaOO0KMN/SdKF5w4EdIajvAfRRmGZ:oiRoVBcANg7tOzOEqMFdqjvAf/mGZ
TLSH: 0F7423F30B22331DE6037F6CEF7BC58D85FC075259B272528D4199249A0784ADF9964D
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: eur04.liberatedsystems.com
Sending IP: 138.201.66.202
From: Moussa Faycal <moussa.abi.faycaal@somecointernational.com>
Reply-To: <pangsheng79@gmail.com>
Subject: Someco International Request for Quotation.
Attachment: Someco International RFQ,pdf.zip (contains "Someco International RFQ,pdf.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/akinsab.ru/http/79.124.8.8/que/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-03 10:36:27 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 22aa35e037bac83ff1e684867405f667077ce9b6619c6402209e3d094352ecf9 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments