MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44b95f67b48000bff83885a37eb5e3962a1fc996046d92ed5ded713f4293bdc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 44b95f67b48000bff83885a37eb5e3962a1fc996046d92ed5ded713f4293bdc0
SHA3-384 hash: 07116eedbd18025d1c0c15b049d096c02169b61f02929b0f86b4a51621784d74fa3306c8854a37e9bc66c2d66a3a0362
SHA1 hash: 247881a5914613d7c710e1513e59d756b819facd
MD5 hash: 9843f901812d2aa0dc180ee8e379ba7c
humanhash: foxtrot-hamper-london-gee
File name:WA-IMG10090 Order SN0097453 SHEET.rar
Download: download sample
Signature Loki
Create hunting rule
File size:761'610 bytes
First seen:2020-05-25 09:23:48 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:UTMfDNZqTrl05+oe7vLNCZJ0Ic6T/yELG2V9/UbIXbRiDoj6oR+Ac2RolPQAQKoN:caqTrw+drLNu0Ic6TaE62VJpViDfyRCG
TLSH A3F4331295D75A697C4EF1DFC024C894AA10F7CA5B667710E7CA258E3BEBB1C4A2C0DC
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mta12.doruk.net.tr
Sending IP: 81.21.172.164
From: geral@promutatis.com
Subject: INQUIRIES Request For Quotation SGRE20473 FANDERS CO., LTD
Attachment: WA-IMG10090 Order SN0097453 SHEET.rar (contains "WA-IMG10090 Order SN0097453 SHEET.exe")

Loki C2:
http://mecharnise.ir/da9/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-24 23:59:12 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
14 of 30 (46.67%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 44b95f67b48000bff83885a37eb5e3962a1fc996046d92ed5ded713f4293bdc0

(this sample)

Loki

Executable exe b9464d27c038d3f5cdd28f88083396b4e29a7fa78cdb384b572f3f13c3fd5a3c

  
Dropping
MD5 3e7802303c68db95f8903985ce4e5458
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b9464d27c038d3f5cdd28f88083396b4e29a7fa78cdb384b572f3f13c3fd5a3c

Comments