MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1e19894fc550d27ae9e8034dabedff5d16bbf452bcd7707a3e3c5a8e1377d8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: b1e19894fc550d27ae9e8034dabedff5d16bbf452bcd7707a3e3c5a8e1377d8d
SHA3-384 hash: 9b3de5a035a4025751f5547dcd45443cd28b9a1ff17ee43affbf570c3a746271c98c1a2bdfa089c48a389e6f87a32e6d
SHA1 hash: b6196cd7c744a3db799186a6c16655f3e8e2c9d6
MD5 hash: 7f1c8f37b004527443d14c9826021772
humanhash: three-skylark-summer-asparagus
File name: MT103_PDF.arj
Signature: Loki
File size: 380'979 bytes
First seen: 2020-04-01 12:20:50 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:6XGhfOWDDlQew7JPAxjIosJOCl9U2Yt6zx7a9Nq/Ka16ucuZjk/B2ei+pAS1tNKM:6XGt/iV7yAJOKU2YE2W/KucupEYeiQH1
TLSH: 828423FC108377546EE2A323618B5CDF9BBBC8D71F6425DDAAFA4C0082E813165D196B
Reporter: abuse_ch
Tags: arj COVID-19 Loki


abuse_ch
COVID-19 themed malspam:

HELO: fake.com
Sending IP: 89.40.114.225
From: finance2 <thiel@cedarpoint.com>
Subject: COVID-19: Copy of Transfer Receipt From Our Bank
Attachment: MT103_PDF.arj (contains "MT103_PDF.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 12:35:53 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 31 of 47 (65.96%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip b1e19894fc550d27ae9e8034dabedff5d16bbf452bcd7707a3e3c5a8e1377d8d (this sample)

  
Delivery method: Distributed via e-mail attachment
