MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38033bd606e80ce95b79f5faa0721397f206327180deecfcc0ea6ca53d83ff4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

SHA256 hash: 38033bd606e80ce95b79f5faa0721397f206327180deecfcc0ea6ca53d83ff4b
SHA3-384 hash: e364a744f4f645b7e1b362f4ee32388517a3c95f9b24e9482c7f48b69fb541ce540004586bd1cee57a95dc630640528d
SHA1 hash: 940e65c61172b7de97b8e830076eacf85dfb6d8c
MD5 hash: 1cf4143b66d057bfda5b2ad5405d374e
humanhash: texas-lithium-wolfram-utah
File name: QOUTATION_pdf____________________________________________.gz
Signature: Loki
File size: 720'950 bytes
First seen: 2021-01-18 18:17:24 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:yBsEtYYkgNQvZ9bL4/Uoa8piq9YV3+g4EskBt0+4GHqPQlgFfruB:yBDhknvw/N22YZ4JgcP26u
TLSH: A8E423540E4D360C0E41A9E1F84FBB5E1F60ACCB796F3DEA215588A92131C8EDFA5077
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: acrotechnologies.com.mx
Sending IP: 185.222.57.81
From: Purchase department<muestreos3@acrotechnologies.com.mx>
Subject: URGENT REQUEST FOR QUOTATION
Attachment: QOUTATION_pdf____________________________________________.gz (contains "QOUTATION_pdf____________________________________________.exe")

Loki C2:
http://becharnise.ir/fa8/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Pwsx
Status: Malicious
First seen: 2021-01-18 18:18:07 UTC
AV detection: 6 of 46 (13.04%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz 38033bd606e80ce95b79f5faa0721397f206327180deecfcc0ea6ca53d83ff4b (this sample)
      Dropping Loki
Delivery method: Distributed via e-mail attachment
