MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 292c92f0256c8b12846f69287ec077767e58ba70d9702e1e6bfcadb1615354fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 292c92f0256c8b12846f69287ec077767e58ba70d9702e1e6bfcadb1615354fd
SHA3-384 hash: 7e1355a22beb3d75e2b54b0300e698b23bd375165bd93c5ab8ceb47be24f5615543aa11839d9f4dddecd0a4872a64dd4
SHA1 hash: 55f8153d85638b0eaf6549a690e98f193fee315e
MD5 hash: f8edccd3a8260cca384cfe1afdc82b5b
humanhash: quiet-beryllium-lake-bacon
File name: AIT DEPOSIT SWIFT.rar
Signature: Loki
File size: 555'821 bytes
First seen: 2020-12-02 09:10:33 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:u4Na/CchIELlok8oqKY3dAz63YJxL4NZmtDiiO/Q:Na/9hXZMoqKKqSYJ2/mQit
TLSH: DDC423CC26D8591E44D8F618BC5DA2CE087C3BD7C1789C7A6F76C25A5AF3C18C423AA5
Reporter: abuse_ch
Tags: Loki rar


abuse_ch
Malspam distributing Loki:

HELO: vps.sevoi.eu
Sending IP: 185.203.18.16
From: CONTROL UNION <msliza@controlunion.com>
Reply-To: sales@kolhapurhi-techsteel.com, r.laref@transitworldexpress.com
Subject: Fwd: Urgent request for AIT deposit TR
Attachment: AIT DEPOSIT SWIFT.rar (contains "AeQpwlcgmJhjwVo.exe")

Loki C2:
http://jumiliaintl.ml/officem6/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 124
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Burkina
Status: Malicious
First seen: 2020-12-02 09:11:06 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
rar 292c92f0256c8b12846f69287ec077767e58ba70d9702e1e6bfcadb1615354fd (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
