MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8234b12e2d69c60d214dc4e9d4388860861034642c8dded1cd4bf6b52e762fc8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8234b12e2d69c60d214dc4e9d4388860861034642c8dded1cd4bf6b52e762fc8
SHA3-384 hash: 4b61aa33d2741631da219965144cdb344818fa53fdab8e646ce899367a8ea22f333f81f42c828706c33d111e0f615e87
SHA1 hash: ca3581b3594cdf777ce140733c0a6928a04c9ad3
MD5 hash: 002370211b58eedb0f533a50ad39d566
humanhash: oranges-finch-item-lion
File name: 7775_PDF.arj
Signature: Loki
File size: 794'040 bytes
First seen: 2020-05-12 15:55:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:RXcNZYeyznubowgxiUDsNOGOqkaElHvnV0BJG26E8EeRzfGHXo/iDhBoOH:+Yein2i7qOGnkBZeHuE8E0zuHXoC
TLSH: A8F43383DF9C013C156A9C748F0A28349C851F53368C3259778EBC9E9ABD87B1729B63
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing Loki:

HELO: server.h-12238.kz
Sending IP: 194.4.58.33
From: kc_operator1@galmart.kz
Subject: Payment Advice -SWIFT Transfer (103)
Attachment: 7775_PDF.arj (contains "7775_PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-12 04:33:25 UTC
AV detection: 13 of 48 (27.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 8234b12e2d69c60d214dc4e9d4388860861034642c8dded1cd4bf6b52e762fc8 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments