MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c73b1104c30739baa36168ef2106d3e36ab82521b20f28ac62ff51970c6a6dbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: c73b1104c30739baa36168ef2106d3e36ab82521b20f28ac62ff51970c6a6dbf
SHA3-384 hash: ab96f664beea974baa57717becd2a1ab716b1e35cc547ad95f8a0b126cd51a3e08f8a900380f2368af3fb930c5355566
SHA1 hash: faff2d797378d069e5668e6bc7c850808d026556
MD5 hash: 880fc92f2ed84feddb53cf9973aaeed6
humanhash: pennsylvania-gee-violet-violet
File name: New order.gz
Signature: Loki
File size: 377'414 bytes
First seen: 2020-10-21 09:52:06 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:QDPOCdkGvRl0klYJmJNyLBLXRvkj059evet7XXIXq7FsNn/N+E4nSHegINI+vwQN:pCiGpllYY6BLXRvkG4et7HKoiNlJ44No
TLSH: 238423005A621DDA9BBFCBE84DCFB1133124667D13825340D9E9BCADD4B613CBB6DA42
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: lucky-pro.com
Sending IP: 156.96.154.223
From: Karen Arafol <luyunbo@lucky-pro.com>
Subject: RE: Our new order P.O(01-20 CH) 2020--TM20239
Attachment: New order.gz (contains "New order.exe")

Loki C2:
http://jlk-comercial.com/wp-includes/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-10-21 03:08:16 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz c73b1104c30739baa36168ef2106d3e36ab82521b20f28ac62ff51970c6a6dbf

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
