MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 494b0db793c74f6ecb593420e2634ed35099c5a7d1b434a435edafe1455a8a82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 494b0db793c74f6ecb593420e2634ed35099c5a7d1b434a435edafe1455a8a82
SHA3-384 hash: b0bee81ad54aaa73acc445ba2455d466f44174e3e585cb4f461dde96f8177f84355164aba48e9d64e5a0728e06e54578
SHA1 hash: bce9c17a7cc590d438fd8dc773dc2c4a5aa436f6
MD5 hash: 93f41caf58dbd24fa626ff8f84bc9eeb
humanhash: sodium-nevada-hot-maine
File name: F0993652.rar
Signature: Loki
File size: 329'451 bytes
First seen: 2020-08-18 12:04:46 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:y8RYr7DUWj6pGc5rnZA6UYU9i99kLQzcXyOehLv64e1Lo8fQ0:yUpL5so99KiO2LM120
TLSH: 2B6423A2987D53252C0AE1BB622618243676F036944F7A1F170E5FB317B0EFDB475782
Reporter: abuse_ch
Tags: Loki, rar


abuse_ch
Malspam distributing Loki:

From: Aman/Roshan <emil@dane.com>
Subject: RFQ: King Brinell Products.
Attachment: F0993652.rar (contains "F0993652.exe")

Loki C2:
http://kunu-kunu.com/brytt/bryt2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-08-18 11:11:31 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 494b0db793c74f6ecb593420e2634ed35099c5a7d1b434a435edafe1455a8a82 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
