MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b9b337f43b17949ac8dda68e3a1360419b0dea292cbf3f2e99ffaeb2d83b719b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 5

SHA256 hash: b9b337f43b17949ac8dda68e3a1360419b0dea292cbf3f2e99ffaeb2d83b719b
SHA3-384 hash: 48c5257bdba1ac247de737f8a6e4311a356448097923ec9241fc9dee633d5c70b4c6d5cbb2351e169f2bd10a86c251b2
SHA1 hash: 26da2fe762989f156ff670a0ae3e4da24a72b465
MD5 hash: e05d3ba3f5b135708cd4f5a5cacc43c4
humanhash: venus-double-sweet-kitten
File name: DHL INVOICE.PDF.img
Signature: Loki
File size: 1'835'008 bytes
First seen: 2021-02-07 16:04:14 UTC
Last seen: 2021-02-08 05:31:14 UTC
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:XmfaUXcJggDniUzQGGpDwUhyybDcfGOq2lQXKp07:IcJVDniUkNpDwUh1AfF
TLSH: 73852941B2B89F63E47E9378C5A848251BF27C08E334E66EBC7475EF1931B418656B23
Reporter: abuse_ch
Tags: DHL, img, Loki

abuse_ch
Malspam distributing Loki:

HELO: vps.camposreyeros.com
Sending IP: 34.227.147.31
From: DHL-EXPRESS <info@guruvarma.com>
Subject: RE: DHL Shipment Notification order
Attachment: DHL INVOICE.PDF.img (contains "DHL INVOICE .bat")

Loki C2:
http://becharnise.ir/fox/fre.php

Intelligence

File Origin
# of uploads: 2
# of downloads: 166
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: ByteCode-MSIL.Backdoor.NanoBot
Status: Malicious
First seen: 2021-02-07 16:05:07 UTC
AV detection: 17 of 28 (60.71%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as its delivery method and external references.

Malspam
  Loki
    img b9b337f43b17949ac8dda68e3a1360419b0dea292cbf3f2e99ffaeb2d83b719b (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments