MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c
SHA3-384 hash: 2d9855da254cc6d12f35f90955634ba569a04640dcc19ab12a951235a3b4f9f19d274f65b1d3aabbdd0003be82dc7e1c
SHA1 hash: bb4fe8b57cb154ef34747d9755306c828c0bc943
MD5 hash: 8d7bd7325dfc6e87367e4426e5782e03
humanhash: rugby-eight-beryllium-juliet
File name: Payment Notification_pdf.arj
Signature: Loki
File size: 1'087'035 bytes
First seen: 2020-05-08 09:03:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:ZyBJbvPkMuRmQ20l0wSDyrmfxmdutphedcb6rORQYffWtdW:ZwLtuRmshSXledA6KFWa
TLSH: A43533F5AD82635A2BC9B938D4EFFBC57F287D144132D6406BF25B849D7D28E850E0A0
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: pkz48-3-spamexpert2.hoster.kz
Sending IP: 185.113.132.44
From: elena@ttk.kz
Subject: Notice Payment to Suppliers
Attachment: Payment Notification_pdf.arj (contains "Payment Notification_pdf.exe")

Loki C2:
http://oneflextiank.com/cola/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-08 09:36:04 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments