MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 704eda6c53a3a05c09d254a63a182e55edce9da4529213ddd632c640eefa4f43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 704eda6c53a3a05c09d254a63a182e55edce9da4529213ddd632c640eefa4f43
SHA3-384 hash: f02d60151d30f99c530e61b0244a7a9e1c9dcee311c51da731e1e7a480aafe10e4247487eff919d34e633e1582b262b5
SHA1 hash: 889b1f7be4999a24aeaeca5295faa6776823a727
MD5 hash: 8214038db5ad721174e5209e1e4888c3
humanhash: mars-kentucky-berlin-lion
File name: T8823_pdf.rar
Signature: Loki
File size: 338'348 bytes
First seen: 2020-11-20 07:50:09 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:xTP7vF3TLibic4tOhuRqa9Iugwy7cAMHPdihclp5htpbkbiPV200FLY+yoHAXFcf:h7N3Hibd4oBas3AA2d+c3Jpbkp0ILZoM
TLSH: 8474235DC7C5865B879BCCC9ECDC5E436281263CE108663EC99CA962F574A7A1C3E2CC
Reporter: abuse_ch
Tags: Loki rar


abuse_ch
Malspam distributing Loki:

HELO: mail.intelmed.kg
Sending IP: 77.235.21.148
From: Гульбайра Максуталиева <g.maksutalieva@intelmed.kg>
Subject: URGENT : ERROR PAYMENT TO YOUR BANK ACCOUNT {REF 01463}
Attachment: T8823_pdf.rar (contains "T8823_pdf.exe")

Loki C2:
http://blueriiver-eu.com/vera/vera3/fre.php
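The indicators in the report above (sending IP, HELO, sample hashes, C2 URL, and a RAR attachment named to look like a PDF) are the kind of thing a mail gateway or SOC script would check on inbound mail and proxy logs. The following is an added example, not MalwareBazaar code and not part of the abuse_ch report. The .eml and proxy log lines are constructed for the example; the attachment is a few dummy bytes behind a RAR5 signature, so its hashes deliberately do not match the listed sample and the hash check reports no match, while the network and naming indicators still fire. Host names such as mx.example.net are placeholders.

```python
"""Triage an inbound mail and proxy log against the IOCs in this entry (added example)."""
import base64
import email
import email.policy
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from this MalwareBazaar entry and the abuse_ch report.
IOC = {
    "sha256": {"704eda6c53a3a05c09d254a63a182e55edce9da4529213ddd632c640eefa4f43"},
    "sha1": {"889b1f7be4999a24aeaeca5295faa6776823a727"},
    "md5": {"8214038db5ad721174e5209e1e4888c3"},
    "sender_ip": {"77.235.21.148"},
    "helo": {"mail.intelmed.kg"},
    "c2_host": {"blueriiver-eu.com"},
}

RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4 and RAR5 signatures
# Archive whose name mimics a document, e.g. "T8823_pdf.rar" or "invoice.pdf.zip".
DOC_LOOKALIKE = re.compile(r"[._-](pdf|doc|docx|xls|xlsx)\.(rar|zip|7z|ace|iso)$", re.I)
# "from <helo> (<rdns> [<ip>]) by ..." as written by most MTAs into Received:.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.I | re.S)
URL_RE = re.compile(r"https?://[^\s\"']+")


def hash_all(data: bytes) -> dict:
    """Hashes in the same three algorithms the entry lists."""
    return {h: getattr(hashlib, h)(data).hexdigest() for h in ("sha256", "sha1", "md5")}


def triage(raw_eml: str) -> dict:
    """Return IOC hits and attachment details for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_eml, policy=email.policy.default)
    reasons = []
    for rcv in msg.get_all("Received", []):
        m = RECEIVED_RE.search(str(rcv))
        if not m:
            continue
        helo, ip = m.group(1).lower(), m.group(2)
        if ip in IOC["sender_ip"]:
            reasons.append(f"sending IP {ip} is a listed IOC")
        if helo in IOC["helo"]:
            reasons.append(f"HELO {helo} is a listed IOC")
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        att = {"name": name, "size": len(data), **hash_all(data)}
        att["is_rar"] = data.startswith(RAR_MAGICS)       # magic bytes, not the extension
        att["hash_match"] = any(att[k] in IOC[k] for k in ("sha256", "sha1", "md5"))
        att["doc_lookalike"] = bool(DOC_LOOKALIKE.search(name))
        if att["hash_match"]:
            reasons.append(f"attachment {name} hashes to a listed sample")
        if att["is_rar"] and att["doc_lookalike"]:
            reasons.append(f"attachment {name} is an archive named like a document")
        attachments.append(att)
    return {"reasons": reasons, "attachments": attachments}


def c2_hits(log_lines) -> list:
    """(line number, url) for every URL whose host is a listed Loki C2 host."""
    out = []
    for n, line in enumerate(log_lines, 1):
        for url in URL_RE.findall(line):
            if urlparse(url).hostname in IOC["c2_host"]:
                out.append((n, url))
    return out


# Constructed test data: a RAR5 signature plus padding (not a real archive).
RAR_STUB = RAR_MAGICS[1] + b"\x00" * 32
SAMPLE_EML = (
    "Received: from mail.intelmed.kg (mail.intelmed.kg [77.235.21.148])\r\n"
    "\tby mx.example.net with ESMTP; Fri, 20 Nov 2020 07:45:00 +0000\r\n"
    "From: g.maksutalieva@intelmed.kg\r\n"
    "Subject: URGENT : ERROR PAYMENT TO YOUR BANK ACCOUNT {REF 01463}\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n--b1\r\nContent-Type: text/plain\r\n\r\nSee attached.\r\n"
    '--b1\r\nContent-Type: application/x-rar; name="T8823_pdf.rar"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="T8823_pdf.rar"\r\n\r\n'
    + base64.b64encode(RAR_STUB).decode() + "\r\n--b1--\r\n"
)
PROXY_LOG = [  # constructed proxy log lines
    "2020-11-20T08:01:12Z 10.0.0.23 POST http://blueriiver-eu.com/vera/vera3/fre.php 200",
    "2020-11-20T08:01:15Z 10.0.0.23 GET https://www.example.com/ 200",
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_EML), indent=2))
    print(c2_hits(PROXY_LOG))
```

Checking the archive signature rather than the declared MIME type or extension matters because the entry itself shows the lure: a RAR archive with "_pdf" in its name carrying an .exe. Hash matching alone would miss a repacked variant, which is why the sending infrastructure and naming pattern are checked as well.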

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: n/a

Vendor Threat Intelligence

Verdict: UNKNOWN
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Spyware.Woreflint
Status: Malicious
First seen: 2020-11-19 23:35:18 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Loki
rar 704eda6c53a3a05c09d254a63a182e55edce9da4529213ddd632c640eefa4f43 (this sample)
  Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments