MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d3b02b570bcda97295ffabb790ace288a6415fc1da122e2bdf00e978d3ec976. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8d3b02b570bcda97295ffabb790ace288a6415fc1da122e2bdf00e978d3ec976
SHA3-384 hash: 674d5625c449c274ea629144f28ca675b135404e9d3e4001116a972fe1eb720797f75931aae6ab0e6ea455c582934d70
SHA1 hash: 6a9603ccc6445ed46fd3ac3c3e06ba2d0dae9d74
MD5 hash: 619ec5007ba0022c6d0d4ca5f4763a92
humanhash: magnesium-ohio-lithium-table
File name:TT copy.rar
Download: download sample
Signature Loki
Create hunting rule
File size:335'539 bytes
First seen:2020-06-20 07:01:19 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:uR1/f6kcIg2HhbVFveiMqlkl+3peO2WaLimfrUwS4q1pDLjOfXpg5:Y1/Ck82BxhVMqlS+5exW6imgwS4qzDLv
TLSH 4764235D3AFF1EFD06A37B81F4937F9906A581D6AAD2A4A2F02085CC3E0D4C94765933
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ns370859.ip-94-23-221.eu
Sending IP: 94.23.221.226
From: Curtis Tsai<Curtis.Tsai@schneider-electric.com>
Reply-To: <Curtis.Tsai@schneider-electric.com>
Subject: confirmation of payment
Attachment: TT copy.rar (contains "TT copy_pdf.exe")

Loki C2:
http://egamcorps.ga/~zadmin/lmark/harley/mode.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-06-20 07:03:04 UTC
AV detection:
22 of 48 (45.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ru5qfnlqxtnjokk77k5xscwofcfgifp4dwqsfyv56ahjpdj6zf3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 8d3b02b570bcda97295ffabb790ace288a6415fc1da122e2bdf00e978d3ec976

(this sample)

Loki

Executable exe beb325c4d4faeeb952802e03d0c8db4ff8ef74e8b4f48848b2722b2f83c82d96

  
Dropping
MD5 7f575b3eb2663f47d56bd804d2524bee
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 beb325c4d4faeeb952802e03d0c8db4ff8ef74e8b4f48848b2722b2f83c82d96

Comments