MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3a60130f32d6079741c9958303f18aacf548a81cfb88fe218a726c7377c343b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3

SHA256 hash: c3a60130f32d6079741c9958303f18aacf548a81cfb88fe218a726c7377c343b
SHA3-384 hash: 3371497d59f89331ba85b347600675389eaa3bf3aab7a2c7caf83bb62d2230738dba563200ba604df301ec59013bd81e
SHA1 hash: 496d651823601c527cd0a899f339a97ff85b5667
MD5 hash: e1e355d6f2d9af93058ef9d396e80e22
humanhash: moon-berlin-mike-bravo
File name: Faktur Bangun Nusa Mandiri.gz
Signature: Loki
File size: 56,324 bytes
First seen: 2020-04-21 12:12:09 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 768:pyp0Dwgd+Q4hxPZx7pp4CiScn8YsCK18l01OwNIySmhAAPIK+0OAS/pHtqWby7W:p3wgmhRLp8Scn8YsWwNIvAPb0pN9O7W
TLSH: 6F4301514308450AD360BD73E3E3AD5D4A026634EE82C87887BBD2BD2834DA73C75A9F
Reporter: abuse_ch
Tags: COVID-19 gz Loki


abuse_ch
COVID-19 themed malspam distributing Loki:

HELO: merbabu.indosol.net
Sending IP: 202.51.253.120
From: Unipower <petrusd@datanet.co.id>
Subject: PT.UNIPOWER PRATAMA - INVOICE 098/I/IV/20- PO.9100326941
Attachment: Faktur Bangun Nusa Mandiri.gz (contains "Faktur Bangun Nusa Mandiri.exe")

Loki C2:
http://cmeducationhub.com/wwp/Panel/fre.php

Intelligence


File Origin
Uploads: 1
Downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Androm
Status: Malicious
First seen: 2020-04-22 02:35:00 UTC
File type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 31 (70.97%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz c3a60130f32d6079741c9958303f18aacf548a81cfb88fe218a726c7377c343b (this sample)

Dropping
Loki

Delivery method
Distributed via e-mail attachment
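The entry above records a gzip attachment whose single member is an executable (a .gz wrapping "Faktur Bangun Nusa Mandiri.exe"). A triage step that needs no detonation is to read the gzip member header, which carries the original file name in its FNAME field, inflate the payload in memory, check for the PE "MZ" magic, and hash both layers so they can be compared against the SHA256/MD5 values listed in the entry. The following is an added example written for this page; it is not code from MalwareBazaar or abuse.ch. The gzip bytes it operates on are constructed inline (an inert MZ-prefixed filler under an .exe name, plus a benign text member), not the real sample, so it runs offline.

```python
"""Static triage of a .gz e-mail attachment without executing anything.

Reads the gzip member header (RFC 1952) to recover the embedded original
file name, inflates the payload in memory, checks for a PE ('MZ') magic and
hashes both layers so the values can be matched against a database entry.

The bytes produced below are CONSTRUCTED for this example: they stand in for
a malspam attachment and are not the MalwareBazaar sample; the "payload" is
an inert MZ-prefixed filler, not a real executable.
"""
import gzip
import hashlib
import io
import struct

# RFC 1952 FLG bits
FHCRC, FEXTRA, FNAME, FCOMMENT = 0x02, 0x04, 0x08, 0x10

# Extensions that should never arrive inside a gz "invoice".
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".dll", ".js", ".vbs")


def build_sample_gz(inner_name: str, payload: bytes) -> bytes:
    """Constructed stand-in: one gzip member whose FNAME field carries an
    .exe name, mimicking the 'Faktur Bangun Nusa Mandiri.gz' attachment."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


def parse_gzip_header(data: bytes) -> dict:
    """Walk the fixed 10-byte header and the optional fields by hand, so the
    original file name comes from the FNAME field rather than from the
    (attacker-chosen) attachment name."""
    if data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream (bad ID1/ID2)")
    cm, flg, mtime, _xfl, os_id = struct.unpack("<BBIBB", data[2:10])
    pos = 10
    if flg & FEXTRA:
        (xlen,) = struct.unpack("<H", data[pos:pos + 2])
        pos += 2 + xlen
    original_name = None
    if flg & FNAME:
        end = data.index(b"\x00", pos)
        original_name = data[pos:end].decode("latin-1")  # RFC 1952: ISO 8859-1
        pos = end + 1
    comment = None
    if flg & FCOMMENT:
        end = data.index(b"\x00", pos)
        comment = data[pos:end].decode("latin-1")
        pos = end + 1
    if flg & FHCRC:
        pos += 2
    return {"method": cm, "flags": flg, "mtime": mtime, "os": os_id,
            "original_name": original_name, "comment": comment,
            "header_len": pos}


def triage_attachment(gz_bytes: bytes) -> dict:
    """Hash outer and inner layers and flag an executable hiding in the archive."""
    hdr = parse_gzip_header(gz_bytes)
    payload = gzip.decompress(gz_bytes)          # also verifies CRC32 / ISIZE
    name = hdr["original_name"] or ""
    inner_is_pe = payload[:2] == b"MZ"
    return {
        "outer_sha256": hashlib.sha256(gz_bytes).hexdigest(),   # compare to the entry's SHA256
        "inner_sha256": hashlib.sha256(payload).hexdigest(),    # hash of the dropped .exe
        "inner_md5": hashlib.md5(payload).hexdigest(),
        "original_name": name,
        "inner_is_pe": inner_is_pe,
        "executable_in_archive": inner_is_pe or name.lower().endswith(EXECUTABLE_EXTS),
    }


# Constructed inputs: an "invoice" gz wrapping an inert MZ stub, and a benign text member.
INERT_PE_STUB = (b"MZ" + b"\x90" * 62
                 + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 200)
SAMPLE_GZ = build_sample_gz("Faktur Bangun Nusa Mandiri.exe", INERT_PE_STUB)
BENIGN_GZ = gzip.compress(b"Plain text invoice body.\n", mtime=0)   # no FNAME, no MZ

if __name__ == "__main__":
    for label, blob in (("sample", SAMPLE_GZ), ("benign", BENIGN_GZ)):
        print(label)
        for key, value in triage_attachment(blob).items():
            print(f"  {key}: {value}")
```

Reading FNAME by hand matters because the archive name shown to the recipient (".gz") says nothing about the member; the header field and the MZ magic do. On a real attachment, `outer_sha256` is the value to look up in MalwareBazaar and `inner_sha256` identifies the dropped executable.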

Comments