MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 875801af7393aa61404b8b19a18ac733f24461d0e8f56df897090e8b75b572b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

SHA256 hash: 875801af7393aa61404b8b19a18ac733f24461d0e8f56df897090e8b75b572b4
SHA3-384 hash: 37afe7c53d8c44c94c1d1985fc8691da1e498c5fda5087551eca619edc6eef24660c7006048910fb11610989973a62d3
SHA1 hash: 3bd10be5fb5672d4ae91b26e30afbebb8760875a
MD5 hash: 794275f63b0df8a3e7bf85b47539da96
humanhash: harry-fish-mobile-butter
File name: FP Inv BPNIR00015564.pdf.gz
Signature: Loki
File size: 356'919 bytes
First seen: 2020-10-16 17:55:15 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:gE01O2LHz/K12Q81irQ+6QyP8Uqp3ufDVq1fg1lP/ZVPusXRdx3axpHgu:eTvKwi56TVGZxgHnZZuOF+Au
TLSH: 4B7423BB9345EC05050C51129364FE42C78592F3358FBBB36EE952A87DF704BE6668C4
Reporter: abuse_ch
Tags: DHL gz Loki


abuse_ch
Malspam distributing Loki:

HELO: server.tuguhotels.com
Sending IP: 103.219.251.235
From: DHL Billing Parcel <saigonsan@tuguhotels.com>
Subject: RE: Outstanding Invoice AWB00015564 with the Requested Paperwork
Attachment: FP Inv BPNIR00015564.pdf.gz (contains "gunzipped")

Loki C2:
http://venitronics.com/oo/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 77
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Strictor
Status: Malicious
First seen: 2020-10-16 15:18:20 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
  Loki
    gz 875801af7393aa61404b8b19a18ac733f24461d0e8f56df897090e8b75b572b4 (this sample)

Dropping
  Loki

Delivery method: Distributed via e-mail attachment

Comments