MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69cbf7fe56a7c6eb418ba244209b683c616dd17324e309734f67430bdf8275a6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69cbf7fe56a7c6eb418ba244209b683c616dd17324e309734f67430bdf8275a6
SHA3-384 hash: cc5e3fd7ca59a10e6bb1ee458ad59f788765fe2b168753a3f336a94c8dcf8f9c9c5d7771296b59fb77d05338bcee8c8e
SHA1 hash: e6165966136cafbc5763c7cdd2aa519573bb1f1c
MD5 hash: 24f36b47cc02cad3633e92e56f293bc4
humanhash: lemon-seventeen-beer-video
File name:InwarehouseAdvice-CHR Ref334686691.zip
Download: download sample
Signature Loki
Create hunting rule
File size:460'264 bytes
First seen:2021-01-12 07:19:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:JZj7vTVFZgX9NBVOKRnlC2hixj6LvdUNm5UfuGV6j:Jh7bDZG7HKxjoygguGV6j
TLSH 6DA42381E3C8A965E55890F83DC9FD8CD7F378B51F2385326359D8D8AA53E43AC4A81C
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail.jetmails.xyz
Sending IP: 5.189.220.165
From: "Jennifer Chen <Jennifer.Chen@chrobinson.com>" <admin@jetmails.xyz>
Subject: S/O# 0822 cut off; 01/18 <AMEND> s/o# N085 Cut off:01/22 聯船期詢問
Attachment: InwarehouseAdvice-CHR Ref334686691.zip (contains "InwarehouseAdvice-CHR Ref#334686691.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.15234.2404.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/69cbf7fe56a7c6eb418ba244209b683c616dd17324e309734f67430bdf8275a6/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nhf7p7swu7dowqmlujccbg3ihrqw3ultetrqs42pm5bqxx4cowta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/69cbf7fe56a7c6eb418ba244209b683c616dd17324e309734f67430bdf8275a6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 69cbf7fe56a7c6eb418ba244209b683c616dd17324e309734f67430bdf8275a6

(this sample)

Loki

Executable exe 0cc23a0f8a6800a2641d311eadeab93c924473b309a9a3de7ed61bc258a049a7

  
Dropping
MD5 80ba81f901536fc964432ce1d16fc5a6
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0cc23a0f8a6800a2641d311eadeab93c924473b309a9a3de7ed61bc258a049a7

Comments