MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 53d7809ebacd725795ff826bd5ad70965032a153152a3d2cc9f300b7598dfca7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3


SHA256 hash: 53d7809ebacd725795ff826bd5ad70965032a153152a3d2cc9f300b7598dfca7
SHA3-384 hash: 5357fa8d598dd957021104091bb5e7bdbe0e67d030bb79115b61d38b42081094f3773d1960a4a6b0ae4397247c5015ab
SHA1 hash: c54f891e0a03ed08c78c0c5409d21a97de74eb8b
MD5 hash: 8e702676ba0ec16b198d71bb4d9bd1d4
humanhash: six-butter-sad-alanine
File name: 60%TT SWIFTCOPY_PDF.arj
Signature: Loki
File size: 833'150 bytes
First seen: 2020-05-11 07:56:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:l5lhleX087ZIpl+t4OrMklz3b0pRhWt1uK:lzh8zZIpYrTP0pRo9
TLSH: 5C05337C9604539C4FFCD938D808AB63AF6E418A60D8BF58F471BE465AB8C27767B005
Reporter: abuse_ch
Tags: arj, Loki

abuse_ch
Malspam distributing Loki:

HELO: pkz48-3-spamexpert2.hoster.kz
Sending IP: 185.113.132.44
From: sveta@ttk.kz
Subject: AGH/WEDD/AS/1361 (60% TT Payment)
Attachment: 60%TT SWIFTCOPY_PDF.arj (contains "60%TT SWIFTCOPY_PDF.exe")

Loki C2:
http://oneflextiank.com/cola/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Androm
Status: Malicious
First seen: 2020-05-11 11:45:15 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 25 of 48 (52.08%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  zip 53d7809ebacd725795ff826bd5ad70965032a153152a3d2cc9f300b7598dfca7 (this sample)

Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments