MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47002debfd605cc8b7bf277dd96ac93c9f647ffa46dd2739bfb4c1150bbc155b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 47002debfd605cc8b7bf277dd96ac93c9f647ffa46dd2739bfb4c1150bbc155b
SHA3-384 hash: 19a67586a70e02c7d687b9a5c403702fc894cb0a167428b95ddea9abd97ec3c67ca49f157fa29dcd351204bfe94dea43
SHA1 hash: 8cf017a49b4130c9d50a10567add20808bf1c296
MD5 hash: 0247ca1919a3bfd565098eaa5ee81a0a
humanhash: mexico-berlin-xray-chicken
File name: HP165230400320240.arj
Signature: Loki
File size: 270'002 bytes
First seen: 2020-06-26 07:45:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Na9XIwtZ+M1tfF6Hw6YZsOwQ/yxOPDqe9nJ4UxGgcHNJdfsG8mGvxfV1:YSwtZ+EF6hXQ6x2DqeP4iGnjZdGVT
TLSH: AD44220B04911699E1C7C288C37269C4B387EC64E3287D91DB9432ACBDE83C4ED95EF8
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: host.cardiglogistics.com
Sending IP: 207.148.117.51
From: MECHINERY GROUP COMPANY <haig@haig.cc>
Subject: RE: REQUEST FOR QUOTATION:ENGINE POWER 165-230 HP 400/320/240 urgent
Attachment: HP165230400320240.arj (contains "win32.exe")

Loki C2:
http://shehig.com/ig1/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delikle
Status: Malicious
First seen: 2020-06-26 07:47:05 UTC
AV detection: 8 of 48 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki

zip 47002debfd605cc8b7bf277dd96ac93c9f647ffa46dd2739bfb4c1150bbc155b (this sample)
  Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments