MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8d93c2cba76fd1a89e2a5b071b42fefdd485af0108420f3ad75008b493f0943. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a8d93c2cba76fd1a89e2a5b071b42fefdd485af0108420f3ad75008b493f0943
SHA3-384 hash: 102e68fe98e8dde3bdf197973354f8a3fb1a37158b0322fa117829c9949fdfee5532807bf84194630d5fe7c6b6368d1f
SHA1 hash: ac2d96b93a45fe777a9980e064db215dc27276bc
MD5 hash: b1845d27a5230f5985f73db643f4d265
humanhash: florida-lithium-leopard-kansas
File name:Consignment Receipt_pdf.r00
Download: download sample
Signature Loki
Create hunting rule
File size:356'439 bytes
First seen:2020-09-28 05:24:03 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:YMXnMvXXS4uPLw0wouPQ4Bnyomn5rtLAWn/5oHMRqUbnHa1DPoeO8s0/j:tXMXQ244q5RnBoHMVHKboevb
TLSH CF742343C91D899BB280A09C8548BFC6A1CA1C325FC3C7852EC663ED2DB5B5177625BB
Reporter cocaman
Tags:Loki r00


Avatar
cocaman
Malicious email (T1566.001)
From: "TNT EXPRESS <Airene.Jovellanos@tnt.com>"
Received: "from vzx0.314.gonfi.ml (vzx0.314.gonfi.ml [134.122.33.9]) "
Date: "Sun, 27 Sep 2020 16:20:39 -0700"
Subject: "Consignment Notification: WB-260820200131222"
Attachment: "Consignment Receipt_pdf.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a8d93c2cba76fd1a89e2a5b071b42fefdd485af0108420f3ad75008b493f0943/
Threat name:
Win32.Packed.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-09-27 23:14:35 UTC
File Type:
Binary (Archive)
Extracted files:
26
AV detection:
7 of 42 (16.67%)
Threat level:
  1/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=vdmtylf2o36rvcpcuwyhdnbp57ouqwxqccccb45nouaiwsj7bfbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a8d93c2cba76fd1a89e2a5b071b42fefdd485af0108420f3ad75008b493f0943

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

r00 a8d93c2cba76fd1a89e2a5b071b42fefdd485af0108420f3ad75008b493f0943

(this sample)

Loki

Executable exe 083e098c7a4893abdbb906f03b92dda1f54c469527f2f59eafca8f1176d2686f

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 083e098c7a4893abdbb906f03b92dda1f54c469527f2f59eafca8f1176d2686f
  
Dropping
Loki

Comments