MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d3690d096240a98cca75299c4f4264c7e64b306f0684a98d3afe271e875c9ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d3690d096240a98cca75299c4f4264c7e64b306f0684a98d3afe271e875c9ff
SHA3-384 hash: e96ce574fb77d05eaede959e49037c3215749cdb07da174ffc159994fbda4d1d45c419bc89e367d34c5ebcc2c34f3157
SHA1 hash: 23d5b8f81c62a988338d349251fde1a54b159171
MD5 hash: 922861429961c425a9d3cf879b3ed4ae
humanhash: tennessee-wyoming-uncle-fillet
File name:Remittance Advice-103847854998543.txt.gz
Download: download sample
Signature Loki
Create hunting rule
File size:346'332 bytes
First seen:2020-10-23 08:59:19 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 6144:hPHkVqahapcgEppp6V42/i7t+caRWq86DMaB9TJ4i7Kjo29MGI2wxEhzPSpso:hPmwEvi42qRKvbhJZejM5xEi
TLSH 7A742322C4F555CD2B691070F14EABD494D253A0FAAE37CA9162CB3434256339EA4FFB
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: dekomutfak.com
Sending IP: 83.149.106.6
From: Muhasebe Parsa <info@dekomutfak.com>
Subject: RE: Transfer Copy
Attachment: Remittance Advice-103847854998543.txt.gz (contains "Remittance Advice-#103847854998543.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8d3690d096240a98cca75299c4f4264c7e64b306f0684a98d3afe271e875c9ff/
Threat name:
Win32.Trojan.LokibotCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 08:11:08 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ru3jbueweqfjrtfhkkm4j5bgjr7gjmyg6buevggtv7rhd2dvzh7q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 8d3690d096240a98cca75299c4f4264c7e64b306f0684a98d3afe271e875c9ff

(this sample)

Loki

Executable exe 4b9d6921c78211705daddc2842fd240d77a25a229980e2c2139ea34680a7f11b

  
Dropping
MD5 371a120c6169703a934fa70021e2154f
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 4b9d6921c78211705daddc2842fd240d77a25a229980e2c2139ea34680a7f11b

Comments