MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f01fa122cb7cda82a53b9f9f132dc8887e67523ac2c422085add1444edd4c51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 2f01fa122cb7cda82a53b9f9f132dc8887e67523ac2c422085add1444edd4c51
SHA3-384 hash: 23fc857facbd8d5a9e3c74d9091b0c8f8355ae31c63e5fe828a060c6f1bba4f813266c0000d4010e5eefa58f4ab44ac1
SHA1 hash: c94bc20517c500261c99b6d8b6331708b52780de
MD5 hash: 7fcf580ee883e8c18a1aa5ca558102c9
humanhash: east-pennsylvania-stream-diet
File name: 要求報價 21-10-2020·pdf.zip
Signature: Loki
File size: 450'552 bytes
First seen: 2020-10-21 09:58:13 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:BIW0l5okbsJr8daWA/YyGJ6FVZdT124fx:BtaZst8daWzyGKT1v5
TLSH: CBA4231AB407A5C0A62CC169BFE82439A42719C3B18C712EF962876D5F2D75B07F172F
Reporter: abuse_ch
Tags: CHN geo Loki zip


abuse_ch
Malspam distributing Loki:

HELO: jktd3khmail01v.cloudkilat.me
Sending IP: 103.23.20.233
From: 大學 臺灣 大學 <admin@hotmail.com>
Subject: 要求報價 (National Tsing Hua University) ASI894/TW4611
Attachment: 要求報價 21-10-2020·pdf.zip (contains "要求報價 21-10-2020·pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-21 00:23:55 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 2f01fa122cb7cda82a53b9f9f132dc8887e67523ac2c422085add1444edd4c51 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments