MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c8a67a6be58b01976cc0348c12fa322d7fff42dedd86c4c773f816814377c68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8c8a67a6be58b01976cc0348c12fa322d7fff42dedd86c4c773f816814377c68
SHA3-384 hash: 97b44a421c03e31271638d58397acbf9a79f6dd2faf4b77d25dd46c372fa6f8045d962202401b7a8949be43129748565
SHA1 hash: cac1c06c40820edfb43fe37e806248f10cd3f5d6
MD5 hash: 9aa8e2b8d0d0fd97546605ceb30e06a0
humanhash: mexico-north-two-music
File name: ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ 20-11-2020-pdf.exe.gz
Signature: Loki
File size: 392'658 bytes
First seen: 2020-11-20 08:02:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:pFWkAghgiOKA/99QYrLCMAR+MlhdgP0BLhPbmFUg+70/8/jZwfzyV+3JtIvvLLwU:ppAYgiVA/eRFvW0NnI0r6yViJtiv8+n
TLSH: A584231762F446122A127036AF13BC61EBDED888E5F752D107764ADB9A2FBEF213C501
Reporter: abuse_ch
Tags: geo GRC gz Loki


abuse_ch
Malspam distributing Loki:

HELO: copex.hpservidor.com
Sending IP: 184.175.82.131
From: Αριστοτέλειο Πανεπιστήμιο Θεσσαλονίκης <webmaster@auth.gr>
Subject: ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ (Αριστοτέλειο Πανεπιστήμιο Θεσσαλονίκης) EUI894/GR4633
Attachment: ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ 20-11-2020-pdf.exe.gz (contains "ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ 20-11-2020-pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 126
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.Androm
Status: Malicious
First seen: 2020-11-20 08:03:10 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 8c8a67a6be58b01976cc0348c12fa322d7fff42dedd86c4c773f816814377c68 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments