MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a898dc409721647928738ae3eae5ea8034fe8ca2f250aa08a5ff5412c619fb77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: a898dc409721647928738ae3eae5ea8034fe8ca2f250aa08a5ff5412c619fb77
SHA3-384 hash: 88447847a5c30f7208032da6a522a10919b589291130f6b8aa3f663e33a68f3e2245318ef75f86e67e8875b1b26dc23f
SHA1 hash: 5f97267728debc245464dc7e063cfda9aac268de
MD5 hash: cb3ac32df609d6e8ac1c28d1e5007000
humanhash: april-grey-two-freddie
File name: SWIFT MT103 MIDLGB31.arj
Signature: Loki
File size: 392,610 bytes
First seen: 2020-11-20 07:47:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:fsd1Iyvj4wEkhbVRbTy9QsN5DLiRumoLOXTlpRQDPbmFUiktIptqLsMR0rSKQ8Kn:sIyvbpJTyBNVLOudOXTloukgtksMR0ru
TLSH: 1E842373A27D5529BEDD50FE4313BE01EE5AECC74E27E98C520E48347A8E259F066061
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.saberindo.co.id
Sending IP: 103.253.68.133
From: inquiry@hsbc.com.hk
Subject: SWIFT MT103 Notification from HSBC HK (MIDLGB31)
Attachment: SWIFT MT103 MIDLGB31.arj (contains "SWIFT MT103 MIDLGB31.exe")

Loki C2:
http://azme-contractors.com/zoro/zoro1/fre.php
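
The following Python checker is an added example; it is not part of the MalwareBazaar entry or of abuse_ch's report. It takes the indicators listed on this page (the file hashes, attachment name, HELO, sending IP, sender, subject and the Loki C2 URL) and runs them against constructed inputs. It also performs the check this entry invites: the attachment is named with an .arj extension, but MalwareBazaar types the container as zip (MIME application/zip), so the code identifies the archive by its magic bytes rather than by extension and lists any executable inside. The key=value mail and proxy log layout, the log lines and the archive bytes are all constructed for the example; the archive holds an inert text file named like the dropped executable, not the sample, so its hashes deliberately do not match the entry's.

```python
import hashlib
import io
import re
import zipfile

# Indicators taken from this MalwareBazaar entry and abuse_ch's report above.
IOC = {
    "sha256": "a898dc409721647928738ae3eae5ea8034fe8ca2f250aa08a5ff5412c619fb77",
    "md5": "cb3ac32df609d6e8ac1c28d1e5007000",
    "attachment": "SWIFT MT103 MIDLGB31.arj",
    "sending_ip": "103.253.68.133",
    "helo": "mail.saberindo.co.id",
    "sender": "inquiry@hsbc.com.hk",
    "subject": "SWIFT MT103 Notification from HSBC HK (MIDLGB31)",
    "c2_url": "http://azme-contractors.com/zoro/zoro1/fre.php",
}
C2_HOST = "azme-contractors.com"
# Magic bytes: ARJ archives begin with 0x60 0xEA, ZIP local file headers with "PK\x03\x04".
MAGIC = {b"\x60\xea": "arj", b"PK\x03\x04": "zip"}
# Mail-log field -> IOC key. The key=value log layout is an assumption of this example.
MAIL_FIELDS = {"ip": "sending_ip", "helo": "helo", "from": "sender",
               "subject": "subject", "attachment": "attachment"}
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def container_type(data: bytes) -> str:
    """Identify the archive by its leading bytes, ignoring the file extension."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"

def inspect_attachment(name: str, data: bytes) -> dict:
    """Hash the file, compare with the entry, type it by content, flag mismatch and executables."""
    ext = name.rsplit(".", 1)[-1].lower()
    actual = container_type(data)
    sha256 = hashlib.sha256(data).hexdigest()
    md5 = hashlib.md5(data).hexdigest()
    executables = []
    if actual == "zip":
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            executables = [n for n in zf.namelist()
                           if n.lower().endswith((".exe", ".scr", ".com", ".pif"))]
    report = {
        "name": name, "extension": ext, "container": actual,
        "extension_mismatch": actual not in ("unknown", ext),
        "sha256": sha256,
        "known_sample": sha256 == IOC["sha256"] or md5 == IOC["md5"],
        "executables": executables,
    }
    report["suspicious"] = (report["known_sample"] or report["extension_mismatch"]
                            or bool(executables))
    return report

def match_mail_log(lines):
    """Return mail-log lines whose fields equal the sender-side indicators."""
    hits = []
    for line in lines:
        fields = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        matched = [k for k, ioc in MAIL_FIELDS.items() if fields.get(k) == IOC[ioc]]
        if matched:
            hits.append({"line": line, "matched": matched})
    return hits

def match_proxy_log(lines):
    """Return proxy-log lines hitting the C2 URL, or only its host (weaker signal)."""
    hits = []
    for line in lines:
        m = re.search(r"url=(\S+)", line)
        if not m:
            continue
        url = m.group(1)
        host = re.sub(r"^https?://", "", url, flags=re.I).split("/")[0].lower()
        if url == IOC["c2_url"]:
            hits.append({"line": line, "matched": "c2_url"})
        elif host == C2_HOST:
            hits.append({"line": line, "matched": "c2_host"})
    return hits

def build_lure() -> bytes:
    """Constructed stand-in: a zip with an inert text file named like the dropped .exe (NOT the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SWIFT MT103 MIDLGB31.exe", "placeholder text, not a PE file\n")
    return buf.getvalue()

# Constructed log lines; the first entry of each list mirrors abuse_ch's report.
MAIL_LOG = [
    '2020-11-20T07:40:01Z helo=mail.saberindo.co.id ip=103.253.68.133 '
    'from=inquiry@hsbc.com.hk subject="SWIFT MT103 Notification from HSBC HK (MIDLGB31)" '
    'attachment="SWIFT MT103 MIDLGB31.arj"',
    '2020-11-20T07:41:13Z helo=mx.example.net ip=198.51.100.7 from=alice@example.net subject="Lunch" attachment=""',
]
PROXY_LOG = [
    "2020-11-20T07:45:30Z src=10.0.0.23 method=POST url=http://azme-contractors.com/zoro/zoro1/fre.php status=200",
    "2020-11-20T07:45:31Z src=10.0.0.23 method=GET url=https://www.example.com/ status=200",
]

if __name__ == "__main__":
    print(inspect_attachment(IOC["attachment"], build_lure()))
    print(match_mail_log(MAIL_LOG))
    print(match_proxy_log(PROXY_LOG))
```

The attachment report comes back with container "zip" despite the .arj name, one executable inside, and known_sample False (the constructed archive is not this sample). A proxy hit on the exact fre.php URL is reported as c2_url; traffic to the same host on another path is reported separately as the weaker c2_host, since the page lists only that one panel URL.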

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Woreflint
Status: Malicious
First seen: 2020-11-19 23:01:10 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    zip a898dc409721647928738ae3eae5ea8034fe8ca2f250aa08a5ff5412c619fb77 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment
