MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0775cd232eed2c65ecdd54bdb7034eea361f61282e30707f10661422057c2dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0775cd232eed2c65ecdd54bdb7034eea361f61282e30707f10661422057c2dd
SHA3-384 hash: b315e0102a39a23cddf7e3de911abdb2f9af5e9e4916a1a948d568e461531c7ba50dca155d4427601d448eef1c3f852f
SHA1 hash: 0b15d59c3591080c63ab73591d960343241c176c
MD5 hash: bbfdd5aa0204ae5dffc74c2abed48aa4
humanhash: monkey-london-five-romeo
File name:Payment Advice_pdf.gz
Download: download sample
Signature Loki
Create hunting rule
File size:419'312 bytes
First seen:2020-10-15 10:39:10 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:5Zbjv3vf+lOrcAgnv+Z0dqdHlrHIjtnFBCxb53X53LnU+MVg9kq1JIY9LOtKKqGG:vuIrUGuwdFLulfa1p3Y3Zq1JIYB+IGaz
TLSH E4942334AF20FAEEBC22520C71D4C3E434F867E946C61A28D660B34496551D61BDBFAF
Reporter abuse_ch
Tags:gz HSBC Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: server.harpr.com
Sending IP: 192.81.168.172
From: HSBC BANK LIMITED <advising.service@mail.hsbcnet.hsbc.com>
Subject: Payment Copy? - Tips Ref: [MT103] / Payment Priority / Customer Ref: [37035930FS37289]
Attachment: Payment Advice_pdf.gz (contains "Payment Advice_pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Trojan.PWS.Stealer.23680.14995.16068.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27383.GZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a0775cd232eed2c65ecdd54bdb7034eea361f61282e30707f10661422057c2dd/
Threat name:
Win32.Trojan.LokibotCrypt
Create hunting rule
Status:
Malicious
First seen:
2020-10-14 18:04:06 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ub3vzurs53jmmxwn2vf5w4bu52rwd5qsqlrqob7razqueicxyloq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0775cd232eed2c65ecdd54bdb7034eea361f61282e30707f10661422057c2dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz a0775cd232eed2c65ecdd54bdb7034eea361f61282e30707f10661422057c2dd

(this sample)

Loki

Executable exe e1c2fa7e91fafcc9267986ba8a7a752434fba52bfabe07e8eefb2985ffa02827

  
Dropping
MD5 7b1ac2f1bcdc1c532b34eead2ad6fb51
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e1c2fa7e91fafcc9267986ba8a7a752434fba52bfabe07e8eefb2985ffa02827

Comments