MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eca05b945a4755b83afadf6bfeec50b59e8f3ff2a7cabb7c764889e71badc9cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: eca05b945a4755b83afadf6bfeec50b59e8f3ff2a7cabb7c764889e71badc9cf
SHA3-384 hash: d7dd2e6e8060844d04563ef08744d3627079575a0036689eae409fbd2c02542e1663a37fb35fbe7a26c33661560073c0
SHA1 hash: 35194c976274c08e5c928d3c9c543b5c5d33c8bb
MD5 hash: 32426a9e7ac9cb898652045408068b82
humanhash: kitten-march-lamp-timing
File name: BANK_TT_COPY_PDF.rar
Signature: Loki
File size: 344'853 bytes
First seen: 2020-11-19 07:52:47 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:vYz1Rv0kskVDWQRD1ubYNcpQSc3jtbxvY5JlORfoKUSmZrMNLOZ/GUZEC:AJGPMDWSubYuQSwbxvAzORfoKzmZQNLc
TLSH: 1B74233DE2C31ED2180830B54B5393CA941F29817367F56A4967C707CB2ACB399D676B
Reporter: abuse_ch
Tags: Loki, rar


abuse_ch
Malspam distributing Loki:

HELO: v190018.serveradd.com
Sending IP: 103.11.190.18
From: nithya@ajaxadjusters.com
Subject: Early payment reminder Nov 2020
Attachment: BANK_TT_COPY_PDF.rar (contains "BANK_TT_COPY_PDF.exe")

Loki C2:
http://firnabulking.com/case/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 98
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Skeeyah
Status: Malicious
First seen: 2020-11-19 07:53:04 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar eca05b945a4755b83afadf6bfeec50b59e8f3ff2a7cabb7c764889e71badc9cf (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
