MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cb0c34cb82139a20ef69574a7013b03229f551c7e80313843bd3d59991f12f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3


SHA256 hash: 6cb0c34cb82139a20ef69574a7013b03229f551c7e80313843bd3d59991f12f2
SHA3-384 hash: 994377cad7b5d4641de0e1d4d31ed4dd42dc1510fc3343e9f0c560cf590c9c33abaf7e11c9f020f2344fdb2e40a33718
SHA1 hash: b9d445a7263e802f8cbf9cdd7a7e01fc74846429
MD5 hash: 0a7d090ef4b4e464f985b45472988699
humanhash: fruit-may-alaska-yankee
File name: 772_666_pdf.arj
Download: download sample
Signature: Loki
File size: 380'987 bytes
First seen: 2020-04-01 10:34:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:01CvhfOWl1AfXfmy8MD8xjIosBOCl9U2YtZCE+8txetx5ahsIy0uGOJ/ICwz6vNs:Citl1evmydDoABOKU2YDCE+8G/sLy1Gz
TLSH: 9C8423D0FB437FD12AD2512B728F55CE53AB953229BD8AE5F4F808803AF0A79754481B
Reporter: abuse_ch
Tags: arj COVID-19 Loki


abuse_ch
COVID-19 themed malspam distributing Loki:

HELO: fake.com
Sending IP: 89.40.114.225
From: finance2 <thiel@cedarpoint.com>
Subject: COVID-19: Copy of Transfer Receipt From Our Bank
Attachment: 772_666_pdf.arj (contains "772_666_pdf.exe")

Loki C2:
http://ducatl.com/cream/five/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 10:35:34 UTC
AV detection: 30 of 47 (63.83%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: Loki
Sample: zip 6cb0c34cb82139a20ef69574a7013b03229f551c7e80313843bd3d59991f12f2 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments