MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de1cf950768ed85e8db91067ad1fcb75f5b3ea065bac9f8d9d02a13ef6c84015. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: de1cf950768ed85e8db91067ad1fcb75f5b3ea065bac9f8d9d02a13ef6c84015
SHA3-384 hash: a87eeea3c8a5bbc41e97e35453587426e948db7d629f2ec22246837065930fb193a3d5439d4aafb21db4317070e0ed7f
SHA1 hash: 91d8d116ac1ef93367f72472a03394f513b47e35
MD5 hash: 3b1324268d47a3bc16a639b9a66b9f31
humanhash: beryllium-freddie-freddie-johnny
File name: Attached_ContainerDoc.arj
Signature: Loki
File size: 24'419 bytes
First seen: 2020-05-20 08:34:06 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 384:LWGD4p+ZJtiIotNUx4/eHqhZKhlQHRdZEgZO9aPOAL4gqrnvZTpM8mLD/7:SX2W3s8eH+mQHRdZEuZxL4jvBpMJ7
TLSH: D4B2E00F15F7DCABA584CBCFCF73550D3626E02EEEB227683618A11E6A844C91DB3605
Reporter: abuse_ch
Tags: arj Loki Maersk


abuse_ch
Malspam distributing Loki:

HELO: maersk.com
Sending IP: 142.11.196.197
From: Maersk Customer Service <AutonotificationLS.msl@maersk.com>
Reply-To: Maersk Customer Service <noreply@domain-admin.com>
Subject: WG: Action Required - Imports_Longstandings - Discharge full with Det/Dem - Reminder
Attachment: Attached_ContainerDoc.arj (contains "Attached_ContainerDoc.bat")

Loki C2:
http://lmpulsefashion.net/four/gates3/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-20 08:36:56 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

arj de1cf950768ed85e8db91067ad1fcb75f5b3ea065bac9f8d9d02a13ef6c84015 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
