MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef010ab0b64d78722402ff110720418c7ac4de280eb1f75b2b93353fe34b4986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 5

SHA256 hash: ef010ab0b64d78722402ff110720418c7ac4de280eb1f75b2b93353fe34b4986
SHA3-384 hash: eea8b5cde8fd607b99a7a7ecb3b996bfb6011028ae1cc0640a7b8f4e3bcb084586729c86b20191fb469874a847af642b
SHA1 hash: f867c7e59f32988b1a194dcbad41af64c5c35e43
MD5 hash: 0d147fc724a2c3340fe9a1f1378d2409
humanhash: orange-carpet-hawaii-stream
File name: Doc00638832664.img
Signature: Loki
File size: 1'376'256 bytes
First seen: 2021-01-13 20:19:12 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:ArOrBcB5FAIWjhFmLLE4AmdG8qh+JOsolO21:KBB5FzWjhAH7Aqq2OtlO21
TLSH: 68555C11ABD1A700E3FC67BE586010612BF5EE25F6F8D62DDC9030795EA1AA844FD783
Reporter: abuse_ch
Tags: DHL ESP geo img Loki


abuse_ch
Malspam distributing Loki:

HELO: smarthost1.gohsphere.com
Sending IP: 173.0.129.225
From: Gerente de carga de DHL <facturacion.mx@dhl.com>
Subject: nueva notificación de envío de DHL
Attachment: Doc00638832664.img (contains "Doc00638832664.PDF______________________.exe")

Loki C2:
http://51.195.53.221/p.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 175
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2021-01-13 18:56:47 UTC
AV detection: 7 of 46 (15.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  img ef010ab0b64d78722402ff110720418c7ac4de280eb1f75b2b93353fe34b4986 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
