MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97fbcd814772407d47973394280116109f34439204791d6fa7e01152d2492adb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki

Vendor detections: 3
SHA256 hash: 97fbcd814772407d47973394280116109f34439204791d6fa7e01152d2492adb
SHA3-384 hash: 06815a1e3f97fa6a36ab136d5da25ad1cf626f78d4a25bcc612a033ef89a1b4d632ab0a1594195c213d42cbc67823a03
SHA1 hash: e9e7c3f3d84a3c33cea22c3ecab3220db8cfba9d
MD5 hash: 9d57e1fb3763f7ea7a66b63085e3f0f4
humanhash: cola-hamper-lake-jupiter
File name: Banco de Galicia-AR26679XXXX0037X.doc.iso
Signature: Loki
File size: 714'752 bytes
First seen: 2020-10-15 11:11:23 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 12288:XffwRD4Hfx+TA6dPagGoOFGoZZvMVZEtNj+/wA0i5fEka33zk7PW:v4a/x+TA6dPTO4o7MviNuwVJk
TLSH: D4E49E2EB2E19533CD27163DDC0B9764982ABD503938684E7FEB1D4C9F3968D3429293
Reporter: abuse_ch
Tags: ARG geo iso Loki

abuse_ch
Malspam distributing Loki:

HELO: mail.saldus.lv
Sending IP: 195.13.214.8
From: Banco de Galicia y Buenos Aires S.A <noreply_statemients@bancogalicia.com.ar>
Subject: Extracto de cuenta / Ref: AR26679XXX026037XX No 94 / 14.10.2020
Attachment: Banco de Galicia-AR26679XXXX0037X.doc.iso (contains "Banco de Galicia-AR26679XXXX0037X.doc.exe")

Loki C2:
http://xcpx.xyz/V3/five/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-15 04:20:12 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    iso 97fbcd814772407d47973394280116109f34439204791d6fa7e01152d2492adb (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments