MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31e7a1c176e2329a9da3db716e05bdaee593a858b5a2e409ec03642e9d9284e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

SHA256 hash: 31e7a1c176e2329a9da3db716e05bdaee593a858b5a2e409ec03642e9d9284e2
SHA3-384 hash: 342236116000fcf3348cd0a578ff5afbd8469392ea7c3958ee4186af5a9e5febf6c6fce9537d0deb7bf2cba046203e40
SHA1 hash: c8b2fc7785552e35ddc2e0c5253e7702ff707df4
MD5 hash: bc3ae633733bf2fd371a61ea517575c9
humanhash: mike-vermont-london-social
File name: TT slip copy.zip
Signature: Loki
File size: 307'127 bytes
First seen: 2020-08-04 10:47:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:7io4lsa4evEcaicZVap311T5tyhr+k2Z+HQsZ3lt9DigtDb:Oo8cZVap311VtEr+k2ZaQSVueH
TLSH: 7A6423D5AEADD77480BD5F1BEDB6D0266DDB0C8ED9DB8038C26A1603F741A329B412C0
Reporter: abuse_ch
Tags: Loki zip

abuse_ch
Malspam distributing Loki:

HELO: mta.ak115.secure.ne.jp
Sending IP: 150.60.159.114
From: MENUEL, Karine<kmenu@kidilizgroup.com>
Reply-To: <kmenu@kidilizgroup.com>
Subject: AW: wire confirmation
Attachment: TT slip copy.zip (contains "TT slip copy.exe")

Loki C2:
http://modevin.ga/~zadmin/lmark/gld/mode.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Remcos
Status: Malicious
First seen: 2020-08-04 01:51:03 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  zip 31e7a1c176e2329a9da3db716e05bdaee593a858b5a2e409ec03642e9d9284e2 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment