MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8461ab6e8978689214fecdb0967c9a4f35ec255a7c1c2cf263a84ddd432ba11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: b8461ab6e8978689214fecdb0967c9a4f35ec255a7c1c2cf263a84ddd432ba11
SHA3-384 hash: 6136af1008d302be822186c259315afd39a66bc9137ce07cbffb0f18279d21b650e46a63a7194e89a2be1d46a9e4cb95
SHA1 hash: aaaed9ac77fa9bd93aa09bb49279ea4ef24bed97
MD5 hash: 10608922c60b7dcd18ca66c9ee373ba6
humanhash: carpet-harry-fruit-arizona
File name: PO avec conditions de paiement.zip
Signature: Loki
File size: 448'869 bytes
First seen: 2020-11-09 15:27:15 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:8kv5kGvgBByhJa31FKqt4NZyMyUE2PXPhB7ymLp+0:TzvqohJaFFBL6P5gmNN
TLSH: 34A4235C03FE784C1946CF38661A0E7BACEEB4E93BBB2B57B8C726671587D4809C5121
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

From: Varghese Alexander <VARGHESE.ALEXANDER@LOUISBOURG.NET>
Subject: PO avec conditions de paiement
Attachment: PO avec conditions de paiement.zip (contains "PO avec conditions de paiement.exe")

Loki C2:
http://rnalema.com/bukisloki/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Bulz
Status: Malicious
First seen: 2020-11-09 09:03:49 UTC
AV detection: 10 of 47 (21.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip b8461ab6e8978689214fecdb0967c9a4f35ec255a7c1c2cf263a84ddd432ba11 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
