MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6c63cc9e185e9856ba6aedb1cc3b8ed84b1faad179fd3686d2d7dc93f02e210. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6c63cc9e185e9856ba6aedb1cc3b8ed84b1faad179fd3686d2d7dc93f02e210
SHA3-384 hash: 0a8b2a58da84c4a8bb62bd74ab994503f603caf35b695be355290af308c81ad60a05b5b5e527a32bd3e0134ac1f67832
SHA1 hash: 539aee12829b6c173f1b0ad2956f82c45632afa3
MD5 hash: b455888bd2370cd44f5e15182fd9ee34
humanhash: nitrogen-delta-fruit-eight
File name:SCAN_DRAFT_FCR_DSV_SHIPMENT.arj
Download: download sample
Signature Loki
Create hunting rule
File size:1'086'927 bytes
First seen:2020-05-08 09:03:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:d8c2RsQod0/k08PuKfiC/mXzUhjLKLpXu4mrgnpzHIZ2/sP:d8cDQod0/kOGT/mRLNE8H22/sP
TLSH A43533B23B6563A2631D8C5E477BCC0286A50B41C775D7BB5224C0B04E33EBF91B9A76
Reporter abuse_ch
Tags:arj Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: laro.com
Sending IP: 89.36.214.197
From: Phan Hoang <quy.phan@vn.dsv.com>
Subject: FCR# 523610 & 523713 & 523715// Booking SITSGTKG195247 + SITSGTKG195307/\x0a VINH LONG/ SGN- TYO / SGN523533/ ETD 10 MAY / CUST 804028
Attachment: SCAN_DRAFT_FCR_DSV_SHIPMENT.arj (contains "scan_draft_fcr_dsv_shipment.exe")

Loki C2:
http://oneflextiank.com/click/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22739.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-08 09:36:07 UTC
AV detection:
30 of 48 (62.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=u3ddzspbqxuyk25gv3nrzq5y5wcld6vnc6p5g2dnfv64spyc4iia._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip a6c63cc9e185e9856ba6aedb1cc3b8ed84b1faad179fd3686d2d7dc93f02e210

(this sample)

Loki

Executable exe b78931e74e439737dd741aac83cb546c57a6344bba5789f9e1e3edd9daa4dcb2

  
Dropping
MD5 4806148160f4a66483ab8a304fa3aa9c
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b78931e74e439737dd741aac83cb546c57a6344bba5789f9e1e3edd9daa4dcb2

Comments