MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f9854eab0baadf77f228194bd6421e596ad12bfcf25b06e32d0f3ec96395f07. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 3f9854eab0baadf77f228194bd6421e596ad12bfcf25b06e32d0f3ec96395f07
SHA3-384 hash: 8a8a2b457ce2c89951d5802fee86e4a12a3aabc52c5b494a49ca3bf0e6635fe33221387cb494a07d5737ba46b6c9590a
SHA1 hash: ceb2e3eea10e5b9259aa1660b6441f6c6bcd317d
MD5 hash: cf84b9d9e8b8e197ee9056d76059e1be
humanhash: floor-golf-ohio-artist
File name: TNT E-invoicing.gz
Signature: Loki
File size: 356'186 bytes
First seen: 2020-10-08 12:24:27 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:A81nWHzLacbPxkPMblebl2yKnO0KelhSU2UbFGhRF3OhmBvlDO/kKRxRepvc:r1WHfhnERFK/j8UbK3zvSJRjee
TLSH: A67423A306D038C1164D0F9089BA716698FA5E6F1CADCEFCBE539E01AD74269CC1D71B
Reporter: abuse_ch
Tags: gz Loki TNT


abuse_ch
Malspam distributing Loki:

HELO: hosting1.solusinet.id
Sending IP: 128.199.117.239
From: TNT Express <jonathan@sillomp.com>
Subject: TNT E-invoicing Notification - 04950314-pharmadra.com
Attachment: TNT E-invoicing.gz (contains "TNT E-invoicing.exe")

Loki C2:
http://venitronics.com/oo/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-08 12:00:37 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 3f9854eab0baadf77f228194bd6421e596ad12bfcf25b06e32d0f3ec96395f07 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
