MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a052adecf1d257ebb7e99ace172086279e8232a69eff5f1e67eeb7d7cbc253f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a052adecf1d257ebb7e99ace172086279e8232a69eff5f1e67eeb7d7cbc253f6
SHA3-384 hash: c0278557822830002780c08d9adba8e70f1e2646d02749b566ae50542822dd42b5cb10f9515b159c4c535612d1a835ce
SHA1 hash: 873c7788ce2d660a711b8ae9816addc272deabe2
MD5 hash: 53e5d28222cdc1056b04ae2f77f11512
humanhash: connecticut-nineteen-oscar-finch
File name:Payment Copy.zip
Download: download sample
Signature Loki
Create hunting rule
File size:991'534 bytes
First seen:2021-02-11 10:35:45 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:JvN1KmtPu9s16t0Lz46adgla19wd1kImZ18A2oNMyYnTmXsGf:JvzL2+6GX46aala19wRmPSNnqB
TLSH 6A2533F9BE91AB59D372C702BF2E865D3D264D5F343A6BE68039F01CB26110468DC9E4
Reporter cocaman
Tags:Loki zip


Avatar
cocaman
Malicious email (T1566.001)
From: ""Accounts Manager"<account@gmail.com>" (likely spoofed)
Received: "from gmail.com (unknown [185.235.165.234]) "
Date: "11 Feb 2021 02:13:06 -0800"
Subject: "Payment Copy (Swift)"
Attachment: "Payment Copy.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
135
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs414.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.21237.ZipHeur.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a052adecf1d257ebb7e99ace172086279e8232a69eff5f1e67eeb7d7cbc253f6/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2021-02-11 04:45:17 UTC
File Type:
Binary (Archive)
Extracted files:
125
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ubjk33hr2jl6xn7jtlhboiege6piemvgt37v6hth5235ps6ckp3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip a052adecf1d257ebb7e99ace172086279e8232a69eff5f1e67eeb7d7cbc253f6

(this sample)

Loki

Executable exe de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30
  
Dropping
Loki

Comments