MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5dcc1f0a4fb43489e75bc16a33f6ff4a00e599385a08ad0537447e09be3bf2b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3
SHA256 hash: 5dcc1f0a4fb43489e75bc16a33f6ff4a00e599385a08ad0537447e09be3bf2b1
SHA3-384 hash: fca3751990e844a8392a4b3824fa3ae2edae4a19d74bf8eb75975480f0e971af68ac08b5423859f8a43df21126e5e008
SHA1 hash: 990e86ef17f724e955d3c9ee5edb92ec13077b14
MD5 hash: d31373be306d1a93ec461b7f60465e80
humanhash: seven-island-sad-seven
File name: SQ_08376.gz
Signature: Loki
File size: 392'598 bytes
First seen: 2020-11-20 08:02:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:0Az8lrt0o2WA2OAj7HKTy9Qs75Df1RumoaSPh7cqGvVknnIk/BmKGOWULHtC6984:Kl6DWAZAnKTyB7Vfru3hKvVkIIXQDHtu
TLSH: D2842341A4CDCEDDAEC514FA7A5406847CA9D9EE86DACE098266FF5C770C6FCC294308
Reporter: abuse_ch
Tags: gz Loki

abuse_ch
Malspam distributing Loki:

HELO: eu1-cpnl-navana.webserverlayer.com
Sending IP: 188.165.3.66
From: UNITED BANK OF AFRICA <tahmina_acc@navanapharma.com>
Subject: UBA PAYMENTS,
Attachment: SQ_08376.gz (contains "SQ_08376.exe")

Loki C2:
http://warrtegg.com/popo/popo1/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 114
Origin country: n/a

Vendor Threat Intelligence
Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2020-11-20 08:02:08 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Loki
Sample: zip 5dcc1f0a4fb43489e75bc16a33f6ff4a00e599385a08ad0537447e09be3bf2b1 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment