MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 535246a2d4f30961ec85a8a29995d67bc611d1b1de2027930b3b9ce57fa3adfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 535246a2d4f30961ec85a8a29995d67bc611d1b1de2027930b3b9ce57fa3adfb
SHA3-384 hash: 337bd9e448f76bd486be37e7d76f663b2572e0421b9e2b52b35f9c0ee1b8e365bfaa63397d90f05e00ab464c00a36116
SHA1 hash: f7f2d3d38b86009bcaa63899e5429ad5db1d18f0
MD5 hash: 47a8ff466ed03f8719dc066f5c90c65b
humanhash: oxygen-seven-yellow-seventeen
File name: HP1652304340032004_pdf..arj
Signature: Loki
File size: 343'336 bytes
First seen: 2020-06-26 06:40:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:pmB6YdNzbtZxLQVmMgD6fceDtuDO38XcukEp6L5w2a5F9WfB1l9dLS+yO+xLUKvx:pmBjrZZxLJMldIa38XOEpb2hfN9RSL4A
TLSH: 197423CDE0265FA7424B7C6FC6F62A1E8B3878751839D0DD1C55044280BAB9F3F99C5A
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: server.suryasukses.com
Sending IP: 163.53.195.78
From: SHANDONG SEA PROJECT MACHINERY GROUP COMPANY. <haig@haig.cc>
Subject: RE: REQUEST FOR QUOTATION ENGINE: ENGINE POWER 165-230 HP 400/320/240 urgent
Attachment: HP1652304340032004_pdf..arj (contains "HP1652304340032004_pdf..exe")

Loki C2:
http://flexpak-th.com/osama/aboki/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-06-26 06:42:05 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 535246a2d4f30961ec85a8a29995d67bc611d1b1de2027930b3b9ce57fa3adfb (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
