MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76907971155e0da50fa727638d4122aa7977092d377e1757cd7ce598938b2e37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki

Vendor detections: 3

SHA256 hash: 76907971155e0da50fa727638d4122aa7977092d377e1757cd7ce598938b2e37
SHA3-384 hash: 166ab833c1e7c14a79896124dcef924a30f03a4f2adb584ddfc0c8ba18a6038f1ed98edf61bc58a924204cf46d836cd7
SHA1 hash: daf2a344f2f43f753102463c1b4e690aceacdd09
MD5 hash: f84cf06425077b6dbeb5bd5890ba7d91
humanhash: august-oscar-cat-sodium
File name: INV02072020PO9876.gz
Signature: Loki
File size: 214'711 bytes
First seen: 2020-07-02 07:01:45 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:LzMrjOHVxZMLruEn0nSj3YTDyKRLOgJmRTdEIqB:LYeHVCCEn0nSEROgs7ED
TLSH: BD24235EBF41944F9A2AC398D6C9750ABF244FC562D2EEAB10F74C8B70C5501A4F7A31
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: sectec.co.kr
Sending IP: 5.101.151.104
From: Majid Jami <majid.jami@parsbehdasht.com>
Reply-To: info@dennisbearman.com
Subject: COVID-19-Order-JULY-02-07-20-Quote
Attachment: INV02072020PO9876.gz (contains "INV02072020PO9876.exe")

Loki C2:
http://egamcorps.ga/~zadmin/lmark/frega/mode.php
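The following Python script is an added example, not code from MalwareBazaar or abuse.ch, showing how the indicators on this page could be turned into a mail-gateway triage check: it parses a message, flags a Reply-To domain that differs from the From domain, classifies the attachment by magic bytes rather than trusting its .gz extension (the entry above lists the file type as gz but the MIME type as application/x-rar, so the two can disagree), reads the original file name out of the gzip header to spot an executable inside, and compares the attachment's digests against the SHA256/SHA1/MD5 values listed in this entry. The e-mail and its attachment are constructed for the demo from the header values quoted in the comment; the payload is a placeholder, not the real sample, so its hashes will not match the page's IOCs, and that comparison is there to show how a real download would be checked.

```python
"""Triage a suspected malspam message using the indicators on this page.

Added example, not MalwareBazaar or abuse.ch code. The message is constructed
from the quoted header values; the attachment payload is a placeholder.
"""
import gzip
import hashlib
import io
import struct
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr
from typing import Optional

# Hashes of the real sample, copied from the database entry above.
PAGE_IOCS = {
    "sha256": "76907971155e0da50fa727638d4122aa7977092d377e1757cd7ce598938b2e37",
    "sha1": "daf2a344f2f43f753102463c1b4e690aceacdd09",
    "md5": "f84cf06425077b6dbeb5bd5890ba7d91",
}


def hash_blob(data: bytes) -> dict:
    """Compute the digests MalwareBazaar lists for a sample."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def matches_iocs(data: bytes, iocs: dict = PAGE_IOCS) -> bool:
    """True if any digest of `data` equals a hash in the IOC set."""
    digests = hash_blob(data)
    return any(digests.get(algo) == value for algo, value in iocs.items())


def sniff_container(data: bytes) -> str:
    """Classify a blob by magic bytes, ignoring whatever extension it carries."""
    if data.startswith(b"\x1f\x8b"):
        return "gzip"
    if data.startswith(b"Rar!\x1a\x07"):  # covers RAR 4.x and 5.x signatures
        return "rar"
    if data.startswith(b"MZ"):
        return "pe"
    return "unknown"


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the original file name stored in a gzip header (RFC 1952 FNAME)."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags, pos = data[3], 10
    if flags & 0x04:  # FEXTRA: skip the extra field that precedes the name
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flags & 0x08:  # FNAME not set: no original name recorded
        return None
    end = data.find(b"\x00", pos)
    return data[pos:end].decode("latin-1") if end >= 0 else None


def triage_message(raw: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Return findings and per-attachment details for a raw RFC 822 message."""
    msg = message_from_bytes(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    findings, attachments = [], []
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue
        data = part.get_payload(decode=True) or b""
        kind = sniff_container(data)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        inner = gzip_member_name(data) if kind == "gzip" else None
        if ext == "gz" and kind != "gzip":
            findings.append(f"{name}: extension says gzip but content is {kind}")
        if inner and inner.lower().endswith((".exe", ".scr", ".dll", ".com", ".pif")):
            findings.append(f"{name}: gzip wraps an executable ({inner})")
        if matches_iocs(data, iocs):
            findings.append(f"{name}: hash matches a known IOC")
        attachments.append({"name": name, "kind": kind, "inner": inner,
                            "sha256": hash_blob(data)["sha256"]})
    return {"findings": findings, "attachments": attachments}


def build_demo_message() -> bytes:
    """Constructed lookalike of the mail described above; NOT the real sample."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"placeholder payload, not the real Loki binary"
    buf = io.BytesIO()
    # GzipFile records the given filename in the FNAME header field.
    with gzip.GzipFile(filename="INV02072020PO9876.exe", mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(fake_exe)
    msg = EmailMessage()
    msg["From"] = "Majid Jami <majid.jami@parsbehdasht.com>"
    msg["Reply-To"] = "info@dennisbearman.com"
    msg["Subject"] = "COVID-19-Order-JULY-02-07-20-Quote"
    msg.set_content("Please find our quote attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="gzip",
                       filename="INV02072020PO9876.gz")
    return msg.as_bytes()


if __name__ == "__main__":
    for line in triage_message(build_demo_message())["findings"]:
        print(line)
```

On a real mail the same script also catches the case the entry hints at: an attachment named .gz whose bytes begin with the RAR signature is reported as an extension/content mismatch instead of being handed to a gzip decoder.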

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2020-07-02 07:03:09 UTC
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz 76907971155e0da50fa727638d4122aa7977092d377e1757cd7ce598938b2e37 (this sample)
Dropping Loki
Delivery method: Distributed via e-mail attachment

Comments