MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51c7be86a8e2fc9d475ae5400eddec53fe9ce63bc89859299ad645d6ebac85fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51c7be86a8e2fc9d475ae5400eddec53fe9ce63bc89859299ad645d6ebac85fc
SHA3-384 hash: 82748beb347ff6f17d723b3b9d13b2a46f2793f4423a88907f59002535af0f31ce8f871cc561f7859a093c59207b1456
SHA1 hash: 56a966ef25e03776a4fb642458c1e8eb4d169841
MD5 hash: 26a95f4d1b0ae7b4784573ae3aa18fa3
humanhash: maryland-steak-november-triple
File name:Payment Slip copy.r01
Download: download sample
Signature Loki
Create hunting rule
File size:521'313 bytes
First seen:2022-06-10 11:25:32 UTC
Last seen:Never
File type: r01
MIME type:application/x-rar
ssdeep 12288:ksOFC7WekVdEM25T0zf3UqowLgo17kLX5eJpmLTUmF64w+p+6x:kg7kZdgZLX5eJULTU+6Kp5x
TLSH T1EEB4239F2EE4272370103DBA03456D8B53D6874B83DA53792D77FCCE2942648E68E68D
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Reporter cocaman
Tags:Loki payment r01


Avatar
cocaman
Malicious email (T1566.001)
From: "TaeOan Kim Financial Manager <taeoankim@naver.com>" (likely spoofed)
Received: "from naver.com (unknown [180.214.237.199]) "
Date: "10 Jun 2022 04:24:08 -0700"
Subject: "PAYMENT DETAILS COPY"
Attachment: "Payment Slip copy.r01"

Intelligence

File Origin
# of uploads :
1
# of downloads :
277
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/51c7be86a8e2fc9d475ae5400eddec53fe9ce63bc89859299ad645d6ebac85fc/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2022-06-10 11:20:44 UTC
File Type:
Binary (Archive)
Extracted files:
16
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=khd35bvi4l6j2r224vaa5xpmkp7jzzr3zcmfskm22zc5n25mqx6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/51c7be86a8e2fc9d475ae5400eddec53fe9ce63bc89859299ad645d6ebac85fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

r01 51c7be86a8e2fc9d475ae5400eddec53fe9ce63bc89859299ad645d6ebac85fc

(this sample)

Loki

Executable exe e2716a711f6bb22d2ff77e0da881b24d16b554bc081b6a7d11d23027d4a47670

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e2716a711f6bb22d2ff77e0da881b24d16b554bc081b6a7d11d23027d4a47670
  
Dropping
Loki

Comments