MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8c5023f56fc3c7295aec884658def3acb791cf686e25799c759119fc3a572a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8c5023f56fc3c7295aec884658def3acb791cf686e25799c759119fc3a572a5
SHA3-384 hash: b70927a1118b9440f49f14443cfdf86647c108267c08af5280ff0112d5687fa2cc1fabf5cfbed4d7916677041339fe6c
SHA1 hash: a090b6bec995a08f649c7014499a9c4fd619d6ce
MD5 hash: d141c2e0215c72162da99e399456cdf9
humanhash: white-florida-west-october
File name:New Order 00097532_PDF.gz
Download: download sample
Signature Loki
Create hunting rule
File size:407'276 bytes
First seen:2020-10-15 12:16:37 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:YPO2xPShIcF3YowEjxdxF7yFH4IMQSOVpoDNYJqKF89svzpc+r0M2z+oOltpYTsd:8QF6Ejx5uZ4FQSsoJwTQM2yjKTLy
TLSH A084233F4BDC91F8A399A1C311D4E4A275A6FE77A62DCCE1639B0A186D0D9402CF7B05
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: thuthe8668
Sending IP: 103.90.224.94
From: Purchase Manager <purchase.hyd@lasershaving.in>
Reply-To: Purchase Manager <ricknicolas.aol@hotmail.com>
Subject: New Purchase Order
Attachment: New Order 00097532_PDF.gz (contains "New Order 00097532_PDF.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8c5023f56fc3c7295aec884658def3acb791cf686e25799c759119fc3a572a5/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-10-15 09:10:04 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5dcqep2w7q6hffnozccgldpphlfxshhwq3rfpgohleiz7q5foksq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e8c5023f56fc3c7295aec884658def3acb791cf686e25799c759119fc3a572a5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz e8c5023f56fc3c7295aec884658def3acb791cf686e25799c759119fc3a572a5

(this sample)

Loki

Executable exe 24a244c7883dcc63a16dea85306b58374f92ef0809823c4bc6c300cb578132b6

  
Dropping
MD5 54eb4cb6fd9b16f77fdaf096447b6264
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 24a244c7883dcc63a16dea85306b58374f92ef0809823c4bc6c300cb578132b6

Comments