MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 add3ca6a71590bd86a51d4fe970ddb6083494cb6656c0469c8aa04eda613fa81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 6



SHA256 hash: add3ca6a71590bd86a51d4fe970ddb6083494cb6656c0469c8aa04eda613fa81
SHA3-384 hash: 716b4917f03f68f4769cbb7bff0711d4215fe5cd40528ee9cf46674e03d814d969e1efd0befd037ffca60c38ea46f42a
SHA1 hash: 9bb3c497e6461ce2d1ba65ad8a9665fb7b6383e9
MD5 hash: 18ce256f82e585ae2eb351a0d9ee0a11
humanhash: charlie-december-glucose-finch
File name: Remittance - 120722.img
Signature: Loki
File size: 1'245'184 bytes
First seen: 2022-07-19 16:18:44 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:FGIYFLd0bqxlCZSBe938lhS3PvNCWb2gb3IU3ScaFlSNSZ3:FGxFGqxlzUZmhSfvsO9VaQSZ3
TLSH: T1BA45122237A46915CB6E4F3B6032D100A6B5B79135A2DB8FBD8C175E1F673448B02F6B
TrID:
  99.4% (.NULL) null bytes (2048000/1)
  0.2% (.ISO) ISO 9660 CD image (5100/59/2)
  0.2% (.ATN) Photoshop Action (5007/6/1)
  0.0% (.BIN/MACBIN) MacBinary 1 (1033/5)
  0.0% (.ABR) Adobe PhotoShop Brush (1002/3)
Reporter: cocaman
Tags: img, Loki


cocaman
Malicious email (T1566.001)
From: "Account Payable <AP@levamlodipine.com>" (likely spoofed)
Received: "from levamlodipine.com (unknown [45.137.22.101]) "
Date: "19 Jul 2022 17:42:30 +0200"
Subject: "REMITTANCE COPY "
Attachment: "Remittance - 120722.img"

Intelligence


File Origin
# of uploads: 1
# of downloads: 164
Origin country: n/a
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Trojan.GenericML
Status: Malicious
First seen: 2022-07-19 13:18:22 UTC
File Type: Binary (Archive)
Extracted files: 57
AV detection: 18 of 39 (46.15%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

img add3ca6a71590bd86a51d4fe970ddb6083494cb6656c0469c8aa04eda613fa81 (this sample)

Delivery method: Distributed via e-mail attachment
Dropping: Loki
