MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7372e070a13a97907cff9b0bc08372f78d0ee33d9c78d254d0a856228a2e6aa3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7372e070a13a97907cff9b0bc08372f78d0ee33d9c78d254d0a856228a2e6aa3
SHA3-384 hash: d6046c0c3774459e2d0dab08a0971ff4d6fb53c98e100e2458ba508d99ab4034135617dd1a28286ddc7244d8b0ea3250
SHA1 hash: d9921312fc5e2823c0976dd3ba3013fd49f6b0be
MD5 hash: 05205675eaf87569f9d61893bdd145d3
humanhash: august-stream-enemy-idaho
File name:MOM Daily attendance uodate form·pdf.zip
Download: download sample
Signature Loki
Create hunting rule
File size:224'127 bytes
First seen:2021-01-19 07:19:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:xC+E6D7JaM/6kuLsiIHfzQWtDksW5wyBQtSJeYeqFgtc:xCNkB2si6RDk6yBdwoatc
TLSH 212423D99FEF3B253D89187180B51D571387B748AD01B6CA82A1130D912F7A7F2B7A03
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: cloudhost-2060988.uk-south-2.nxcli.net
Sending IP: 165.84.218.167
From: MOM ACE (No Reply) <no_reply_ace@mom.gov.sg>
Subject: Swab Registration System : Daily Attendance update
Attachment: MOM Daily attendance uodate form·pdf.zip (contains "MOM Daily attendance uodate form·pdf.exe")

Loki C2:
http://51.195.53.221/p.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Bang5mai-6804572-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7372e070a13a97907cff9b0bc08372f78d0ee33d9c78d254d0a856228a2e6aa3/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-01-19 07:20:10 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=onzoa4fbhklza7h7tmf4ba3s66gq5yz5tr4nevgqvblcfcronkrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7372e070a13a97907cff9b0bc08372f78d0ee33d9c78d254d0a856228a2e6aa3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 7372e070a13a97907cff9b0bc08372f78d0ee33d9c78d254d0a856228a2e6aa3

(this sample)

Loki

Executable exe 445e1ae4fb515ce4fca81255fc4f569ba238d2a7b3ba0c093f4d55bc8fa5ae08

  
Dropping
MD5 66d95510f3a550106e1bd6d3dd187865
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 445e1ae4fb515ce4fca81255fc4f569ba238d2a7b3ba0c093f4d55bc8fa5ae08

Comments