MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9b183c1c75980e354b15479a73ece20256aa95a1f202284a4914630f556c0020. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9b183c1c75980e354b15479a73ece20256aa95a1f202284a4914630f556c0020
SHA3-384 hash: 3fd13eae6df8a58b605908350f629143a55eec9aaeef8432ffeede520f7413ec870e6a919d49f0ee0680700fc3e14061
SHA1 hash: 7897027d683144e51f4aaa41ce8399207fc8ed34
MD5 hash: 52ebb3323d9e4fa93ef6b1094d2c6e77
humanhash: lake-yankee-harry-cola
File name:PO_NO.231101-ENQUIRY Urgently.zip
Download: download sample
Signature Loki
Create hunting rule
File size:396'320 bytes
First seen:2020-06-26 06:44:52 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:X5p9/YMCjcCnW9+8CcPb71aV0mNOnAOjo:WhnsLjP92OnAqo
TLSH AC8423A3A9ED5C5541940C6553423366A64CF782B79EE1CB9FDC5B0FA82F0F16C113AC
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: gmail.com
Sending IP: 156.96.62.70
From: "Silvia Chong" <Silviachong@gmail.com>
Reply-To: saipul.seltechutamaa@gmail.com
Subject: PO_NO.231101-ENQUIRY Urgently
Attachment: PO_NO.231101-ENQUIRY Urgently.zip (contains "PO_NO.231101-ENQUIRY Urgently.exe")

Loki C2:
http://coolgirlsnation.com/wp-includes/manba/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Variant.Zusy.307621.12684.6607.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9b183c1c75980e354b15479a73ece20256aa95a1f202284a4914630f556c0020/
Threat name:
Win32.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-06-26 06:46:05 UTC
AV detection:
24 of 30 (80.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=tmmdyhdvtahdksyvi6nhh3hcajlkvfnb6ibcqssjcrrq6vlmaaqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 9b183c1c75980e354b15479a73ece20256aa95a1f202284a4914630f556c0020

(this sample)

Loki

Executable exe 0af98d66b8e07f0ecd7b08b403045c4ee83b402304b723d65afea8041a3db962

  
Dropping
MD5 e8056167fda62ab345a642116eac4797
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0af98d66b8e07f0ecd7b08b403045c4ee83b402304b723d65afea8041a3db962

Comments