MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e7f647d64340a46803bbaf78b55f58620ad9be7337b03d7a0c3b15815f7ac13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki

Vendor detections: 3

SHA256 hash: 8e7f647d64340a46803bbaf78b55f58620ad9be7337b03d7a0c3b15815f7ac13
SHA3-384 hash: dfa1d4951c3ebd91c63ccea5a3e04ebf71c64198232eb8379cb5ab2e913b69676a6e7464c502413f4cf0aac0918d7069
SHA1 hash: b935ff61b1dfe39bb0a6355ebce8d88ab34b2a2d
MD5 hash: d608dfd41e9418084022887c8e9e739f
humanhash: white-hawaii-july-sweet
File name: RFQ AG-0420-01217 PK-CP1902-16.rar
Signature: Loki
File size: 226'787 bytes
First seen: 2020-06-17 05:55:37 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:H/XmHfWhO/znFGmGNXT5AHT90wx5nPGGvuTdJDC24:fXm+o/xT0XtAHp7x5nzidJDQ
TLSH: AB24125DC06DA9A0B5A0AE1CD46C58720818C41FEA6FACFB5CDD494D90B6DDB2CCBE34
Reporter: abuse_ch
Tags: Loki rar


abuse_ch
Malspam distributing Loki:

HELO: pop.kenyaweb.com
Sending IP: 194.201.253.11
From: The S / Purchasing Director & Tech Intg <Sebastian.Brunn@haribo.com>
Subject: RFQ OUKATE TECH CO.,LTD [PK-CP1902-16,17]
Attachment: RFQ AG-0420-01217 PK-CP1902-16.rar (contains "RFQ AG-0420-01217 [PK-CP1902-16].exe")

Loki C2:
http://superson-com.ml/Pablo/fre.php

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-17 04:03:21 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
Sample: rar 8e7f647d64340a46803bbaf78b55f58620ad9be7337b03d7a0c3b15815f7ac13 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments