MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5992abdf2de9aef3674404c1ddbcfeccab6a00838937aee19ab43ff269a90d9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 5992abdf2de9aef3674404c1ddbcfeccab6a00838937aee19ab43ff269a90d9d
SHA3-384 hash: 7713898fa51079f4dcc3d758625d06c4093f88a39c2e2389486f95f4bd3ce25f05bdb4498f176124fe381ea5467afddb
SHA1 hash: a9d3a558dbb82474ad3ab6e06927d19290e70cdf
MD5 hash: 81b7b773b07d8e0a879c6d17e5b80849
humanhash: chicken-quebec-princess-princess
File name: Scan Invoice_pdf.gz
Signature: Loki
File size: 910'225 bytes
First seen: 2020-06-02 10:21:06 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 24576:k4lBElnws0OIEq+D7l9N1fvb//PolgUNfjIpaNmLh:k4clnwzOIB+D7LN17PtUNfjBeh
TLSH: CC1533883132A3A064F3588DAFD59E78B7B09A1320173571B2DE65484DAEC6BDD732C6
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: Rafał Gąsior <rafal.gasior@astoria.pl>
Reply-To: Rafał Gąsior <rafal.gasior@astoria-pl.com>
Subject: RE: URGENT-Confirm Account Details/SOA Feb-May
Attachment: Scan Invoice_pdf.gz (contains "Scan Invoice_pdf.exe")

Loki C2:
http://poladata.co.id/dis/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-02 10:37:02 UTC
AV detection: 19 of 47 (40.43%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki, gz 5992abdf2de9aef3674404c1ddbcfeccab6a00838937aee19ab43ff269a90d9d (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments