MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79057aed165c47cc5f52097889fc6a8416f26816a954b6f4ac1e97df6a67be37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 79057aed165c47cc5f52097889fc6a8416f26816a954b6f4ac1e97df6a67be37
SHA3-384 hash: ab371d9fc6b811ac3ce771cd76ddcaa032786ef50fc4cad501a10a0d82f27e9dbf40a61494e082b322bd768288b8869e
SHA1 hash: f221a33bf6ba15ecd9559accecb6c0d4080ce733
MD5 hash: f34de58f849d03c3971d79de1dade226
humanhash: colorado-uniform-charlie-low
File name: REQUEST FOR OFFER 1-19-2020.pdf.rar
Signature: Loki
File size: 214'499 bytes
First seen: 2021-01-19 07:23:36 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:w7kR8jyqt4liXVCBYqx47DZdBPyMquFB7R5b:Uk2jmiXVrZPRF3h
TLSH: DE24236A4DA1A52D33E825EBF5622413AFD300983926364DAD466F0B01D7DF60B27F1F
Reporter: abuse_ch
Tags: Loki rar


abuse_ch
Malspam distributing Loki:

HELO: svr105.phsserver.net
Sending IP: 203.175.162.90
From: Chinese University of Hong Kong <admin@cuhk.edu.hk>
Subject: REQUEST FOR OFFER (Chinese University of Hong Kong) EUI894/SG4660
Attachment: REQUEST FOR OFFER 1-19-2020.pdf.rar (contains "crypter_pdf.exe")

Loki C2:
http://51.195.53.221/p.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 134
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Noon
Status: Malicious
First seen: 2021-01-19 07:24:14 UTC
AV detection: 13 of 46 (28.26%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    rar 79057aed165c47cc5f52097889fc6a8416f26816a954b6f4ac1e97df6a67be37 (this sample)
      Dropping
        Loki

Delivery method: Distributed via e-mail attachment
