MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b372cdb4086864257b1425231affeebd10771036335a4f338c3bdbba3e279b61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: b372cdb4086864257b1425231affeebd10771036335a4f338c3bdbba3e279b61
SHA3-384 hash: aa15db927f7bd804cf9612f2743b44e128284096a4248652419dc0b465e856a0efe17ae4e34957c650f1dc0bb3eb879a
SHA1 hash: 9ceaa1612cf2457068138b8ce063cbbb619f6b7e
MD5 hash: 109eb8f6e199b44035edd2550f22bde7
humanhash: network-three-glucose-double
File name: REQUEST FOR QUOTATION.rar
Signature: Loki
File size: 353'101 bytes
First seen: 2020-08-16 13:46:55 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:nAHTvnnqu6oOMStCQKjzl4AOdMTPYx71MLiiH1/BX7qJyEgFYcsDhV1TlnNZBK:GzDOMHQgh4h2PY8LiQwsPacsdV1RU
TLSH: B1742399C6D3A6300AADB61E00584FCD751014EE796DDE36CA0F09892D9FECD9E92C17
Reporter: abuse_ch
Tags: Loki, rar


abuse_ch
Malspam distributing Loki:

HELO: server.130ads.com
Sending IP: 209.124.90.180
From: Nicole tsai <navin@abuilyas.co.om>
Subject: URGENT REQUEST FOR QUOTATION
Attachment: REQUEST FOR QUOTATION.rar (contains "REQUEST FOR QUOTATION.exe")

Loki C2:
http://mecharnise.ir/ea12/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-16 13:48:06 UTC
AV detection: 21 of 28 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar b372cdb4086864257b1425231affeebd10771036335a4f338c3bdbba3e279b61 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
