MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39192cb6fbb33d795401b4138286956c1d8e2fea541687dacf7541c64d9ebcc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 39192cb6fbb33d795401b4138286956c1d8e2fea541687dacf7541c64d9ebcc6
SHA3-384 hash: 54da06d5d3db023c6159f6dde8d141bea54ef005758d1fd50d6a005de94c0d1b654466e90dcfb2891107aace172fa45b
SHA1 hash: a157ce9e7bf961eddf66f82a1d6808edceb12df9
MD5 hash: b1b88d76da1cb304fed2e08bec7e268e
humanhash: queen-avocado-floor-mountain
File name:NI-16026-28 Shipping documents_pdf..arj
Download: download sample
Signature Loki
Create hunting rule
File size:456'072 bytes
First seen:2020-11-06 07:36:43 UTC
Last seen:2020-11-09 06:43:41 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:QuRe6iKrMnjn+jj1wsR7JPfdujoPiw5IaKq15SQg:QuQ6Z6+jisDF56w5J51IQg
TLSH 36A423B11C9091AAF3F309704AF9930FF207329D6ADA8C5A17DA7F5501457DD3B84AE2
Reporter abuse_ch
Tags:arj Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: se1s-lax1.servconfig.com
Sending IP: 192.249.112.55
From: "R.K.Yadav" <accounts@atlasmarine.com>
Subject: Shipping documents for NI-16026-28]?DAL? Proforma Invoice of Quizalofop in November-urgent.
Attachment: NI-16026-28 Shipping documents_pdf..arj (contains "NI-16026-28 Shipping documents_pdf..exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/39192cb6fbb33d795401b4138286956c1d8e2fea541687dacf7541c64d9ebcc6/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 21:55:46 UTC
AV detection:
27 of 48 (56.25%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hemsznx3wm6xsvabwqjyfbuvnqoy4l7kkqlipwwpova4mtm6xtda._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 39192cb6fbb33d795401b4138286956c1d8e2fea541687dacf7541c64d9ebcc6

(this sample)

Loki

Executable exe 75c85639fa44d87495154902bef668b43cd73463555a91c409cf187113760024

  
Dropping
MD5 4731d2045c28c195147e16c7165caa03
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 75c85639fa44d87495154902bef668b43cd73463555a91c409cf187113760024

Comments