MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b93915bafb8f7566d8ca47a553917fea94343813c7fc40eac0a371d85d2e9929. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b93915bafb8f7566d8ca47a553917fea94343813c7fc40eac0a371d85d2e9929
SHA3-384 hash: 7c00ddc892298fee291b265fc52c20091fc5b4111b152fe1d0431794f8c971a1a316dc3d6283ddd10b350f4a980a6eaa
SHA1 hash: d9598d3a6c98b31caeca9164cfb90446069f8f6a
MD5 hash: 0ae08d5848194c53f50fccfea28b56fa
humanhash: fix-oregon-bravo-arkansas
File name:KYOCERA_02898875727263648.arj
Download: download sample
Signature Loki
Create hunting rule
File size:1'015'415 bytes
First seen:2020-05-04 11:39:04 UTC
Last seen:2020-05-04 14:51:32 UTC
File type: zip
MIME type:application/zip
ssdeep 24576:buVZO28uDHWVcIXmLossppFfA0Qttid/NXs5nIeZLIZNG9x:bu22pWVD2Ep3A4NcDZLIZNG9x
TLSH 2C2533E9DF208B6A898B464585B8170E8C1DEFFFE2154477EC5AE32350AF176070DA39
Reporter jarumlus
Tags:Loki

Intelligence

File Origin
# of uploads :
3
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.27684.AidExe.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.PSW.Agent.BORA.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Mbt
Create hunting rule
Status:
Malicious
First seen:
2020-05-04 11:39:16 UTC
File Type:
Binary (Archive)
Extracted files:
27
AV detection:
22 of 31 (70.97%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xe4rlox3r52wnwgki6svhel75kkdioaty76eb2wauny5qxjoteuq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Loki

zip b93915bafb8f7566d8ca47a553917fea94343813c7fc40eac0a371d85d2e9929

(this sample)

Loki

Executable exe 78b048f04b9e8f67609d91321edbf8cf27d3b94cafda8210568d67002c09855d

  
Dropping
SHA256 78b048f04b9e8f67609d91321edbf8cf27d3b94cafda8210568d67002c09855d

Comments


Avatar
Corsin Camichel commented on 2020-05-04 11:44:10 UTC

Malicious email
From: SHARECOOL GROUP <sales12@jsanalytikal.com>
Received: from mail.nwiran.com (mail.nwiran.com [185.94.98.43])
Date: Mon, 04 May 2020 15:36:55 +0430
Subject: Notice of pending payment over bank details confirmation
Attachment: KYOCERA_02898875727263648.arj