MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa22acd51bf13b8e1c2c69177ab196e532530641b07b7915e0811b11c8d94816. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: aa22acd51bf13b8e1c2c69177ab196e532530641b07b7915e0811b11c8d94816
SHA3-384 hash: 610d1153d37c8ec409b68f0c5e0ccc3bcd4e05343bbb7778aacf06859a0c7ab2c5d9c304c535e9d78b9fd09aae607818
SHA1 hash: 3b8a568d8d09eb281e32918254c445c3876b7cb6
MD5 hash: f5024c20ed6a9415074dc5f47488136c
humanhash: pennsylvania-winner-maine-ceiling
File name: TCS.gz
Signature: Loki
File size: 394'860 bytes
First seen: 2020-11-19 06:50:31 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:twWrs5CSna5z4YoMK8i/FVV1tKLSGoq7BI1fITPCkACCx85J3l5sMIDA7H6bP/o7:tw95hCz4Mi/TrtiSVDQTR71H6T/U
TLSH: 1984233EE949D7E0360F95E1B05E06AD242969E47D85C420BE53FF1E0BD832BAC79427
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: server50.a2zcreatorz.com
Sending IP: 69.16.233.137
From: PT. INTEGRA LINE INDONESIA (JAKARTA) <sajid.siddiqui@picg.org.pk>
Subject: RE: FOB SEA LCL EX. NINGBO - JAKARTA [S/ ZHEJIANG SANWEI RUBBER ITEM CO. LTD - C/ PT. VIRTUE POER TECHNICA] 200343473 // AMIGL200343473A // VESSEL CMA CGM EIFFEL V.0QA6RS // NINGBO
Attachment: TCS.gz (contains "TCS.exe")

Loki C2:
http://legalpath.in/cc/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-11-19 06:51:03 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz aa22acd51bf13b8e1c2c69177ab196e532530641b07b7915e0811b11c8d94816

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
