MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f11e04f6aaa2b5189d7db9dda1182f76ef1e3d02ee075250cdafe289cb85717. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

SHA256 hash: 2f11e04f6aaa2b5189d7db9dda1182f76ef1e3d02ee075250cdafe289cb85717
SHA3-384 hash: 9c8c0e08722fb70741d8bc20335d5eb8b66a637f8e55149af9f197d2b3fe2da9ace5462521ee196e69269c7072e0487a
SHA1 hash: 8d6e150a5cdaf7ae1fbfa4c9dfd395da230ffb21
MD5 hash: 033c5821c8d7a88584c418ab561e3e10
humanhash: comet-oranges-delta-indigo
File name: QOUTATION_pdf___________________________________________________________.gz
Signature: Loki
File size: 509'242 bytes
First seen: 2021-01-19 07:34:26 UTC
Last seen: 2021-01-20 18:00:27 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 12288:c7fCpap7Wvz0eof1OtCNBO7vyqctAZAJVf9BtFMYRGP:0fCKNTCCNB13RBtFuP
TLSH: 31B423044D9B3D353C69B0F021FF2309E93F9659ABBA8D0591EE2FA441F9222CE5F464
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: key-code.fr
Sending IP: 185.222.57.81
From: Purchase department<info@key-code.fr>
Subject: URGENT REQUEST FOR QUOTATION
Attachment: QOUTATION_pdf___________________________________________________________.gz (contains "QOUTATION_pdf___________________________________________________________.exe")

Loki C2:
http://becharnise.ir/fa8/fre.php

Intelligence

File Origin
# of uploads: 2
# of downloads: 175
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-19 04:21:28 UTC
AV detection: 6 of 46 (13.04%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz 2f11e04f6aaa2b5189d7db9dda1182f76ef1e3d02ee075250cdafe289cb85717 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
