MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e1dc06d11ff818d1cf74890b63fed336560851677e10be0728c764d1ced52b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

SHA256 hash: 8e1dc06d11ff818d1cf74890b63fed336560851677e10be0728c764d1ced52b6
SHA3-384 hash: 68a8ec6fa0ed21b50311efaf9690b595c7435e078c9ec25f8066ad27f49210724e511aeb75a66db2a4d5ed15540b925c
SHA1 hash: bbb2f92118f8d840431626f9cf6f34b8c1eeff9e
MD5 hash: d85ecc6580990a154e79edad8baf4eb5
humanhash: tennis-indigo-venus-spaghetti
File name: ORDER PROPOSAL 097263200_pdf.gz
Download: download sample
Signature: Loki
File size: 202'705 bytes
First seen: 2020-07-21 10:03:11 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:5QCcxRD4L0PnuzLcIZOU6E8Uqyniv5Uz4Pn03IlYDdc5:FmR8wPn/eH8Xyn81Pn0Yl2O
TLSH: 911423B0D464F9A5F32AA66B42CDD69A240BF1C15F3D3D6DC33C033EA48E2139C59665
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: mail0.gillonuminno.ga
Sending IP: 46.101.111.203
From: Fibble Global Trading Co. <purchase.mgr@gillonuminno.ga>
Subject: PRODUCT INQUIRY - ORDER PROPOSAL [#097263]200
Attachment: ORDER PROPOSAL 097263200_pdf.gz (contains "ORDER PROPOSAL 097263200_pdf.exe")

Loki C2:
http://niskioglasi.rs/test2/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Primarypass
Status: Malicious
First seen: 2020-07-21 10:05:05 UTC
AV detection: 17 of 48 (35.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz 8e1dc06d11ff818d1cf74890b63fed336560851677e10be0728c764d1ced52b6 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
