MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc33270f7affb342c69f3ac752b73257071e99a3925ccd8e6ae9a289416df437. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	bc33270f7affb342c69f3ac752b73257071e99a3925ccd8e6ae9a289416df437
SHA3-384 hash:	199f13155e4cd3d4ce73ec13c581f250a0c156c85cd10b9f007a35c27b042dcc641a4349a03af5ec0660c355511bdc72
SHA1 hash:	601af70074c026041f081802d67f04142fd4d0a9
MD5 hash:	ad2a1ee521d33b206afad5a2dd0d21a2
humanhash:	stairway-ceiling-pennsylvania-five
File name:	PO. pdf.zip
Download:	download sample
Signature	Loki Create hunting rule
File size:	439'277 bytes
First seen:	2021-02-15 17:37:31 UTC
Last seen:	2021-02-17 22:27:39 UTC
File type:	zip
MIME type:	application/zip
ssdeep	12288:PRfN6EeArbvKNvjAcpPYIABWt4CROw8ch4:PqnNsWPxhOw/4
TLSH	ED9423F21279A3F2D1039A13668D353CD1DADE389F30A342BA955C70C1754AEEEB251B
Reporter	GovCERT_CH
Tags:	Loki

Intelligence

File Origin

# of uploads :

8

# of downloads :

105

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL

SecuriteInfo.com.Trojan.Packed2.42845.UNOFFICIAL

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bc33270f7affb342c69f3ac752b73257071e99a3925ccd8e6ae9a289416df437/

Threat name:

ByteCode-MSIL.Backdoor.Androm

Status:

Malicious

First seen:

2021-02-15 10:41:28 UTC

AV detection:

10 of 46 (21.74%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=xqzsod3276zufru7hldvfnzsk4dr5gndsjom3dtk5grisqln6q3q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bc33270f7affb342c69f3ac752b73257071e99a3925ccd8e6ae9a289416df437

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip bc33270f7affb342c69f3ac752b73257071e99a3925ccd8e6ae9a289416df437

(this sample)

exe 3c5b0462854d7115d4e6a6c1e1154ae2bfe6df8245328a6db34d6ebfe77f3e34

Dropped by

Loki

Delivery method

Distributed via e-mail attachment

Dropping

SHA256 3c5b0462854d7115d4e6a6c1e1154ae2bfe6df8245328a6db34d6ebfe77f3e34

Dropping

MD5 26d938e936501c40950dddad234a7e25

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample