MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0bb4d9cdb83a006cdf2ef16891a186421f29e41eea0aa0f9ddb1e95275c86d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 2

SHA256 hash: f0bb4d9cdb83a006cdf2ef16891a186421f29e41eea0aa0f9ddb1e95275c86d0
SHA3-384 hash: 5d2a3b869d541b527f7fe72cab10c253fb71e8a6adcb5e1cb6563fa8e9900f45d9b6907f49b1ae8464e9c764de756d71
SHA1 hash: 8653502b2b09efcdcb33c7d7f32d7d7f1d5ab56e
MD5 hash: 5431cea8665af8fc7c81185b61fb66fe
humanhash: indigo-cold-uniform-timing
File name: pi0093.zip
Signature: Loki
File size: 731'412 bytes
First seen: 2020-05-25 08:00:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:s8NW8/P4jNbilT4gnDy4cIsh2Z/+AfnqhrO6ua9GPuTcU6F9cuhh7UR5q1x:smWWuTOO4cIsAW3hrO679MU63cuhxUCH
TLSH: 68F433F7452E7D8529130808E8CEA9FE30D15FA6F26D140E18F85ADDE65531E8ECB09B
Reporter: abuse_ch
Tags: Loki, zip


abuse_ch
Malspam distributing Loki:

HELO: server0.cortamgroup.ml
Sending IP: 23.254.224.206
From: Monovalves Trading Ltd <info@cortamgroup.ml>
Subject: Proforma Invoice.
Attachment: pi0093.zip (contains "pi#0093.exe")

Loki C2:
http://chingowashers.tk/wp-demo/admin/apache/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Delf
Status: Malicious
First seen: 2020-05-25 08:25:42 UTC
File Type: Binary (Archive)
Extracted files: 43
AV detection: 23 of 48 (47.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
Loki
zip f0bb4d9cdb83a006cdf2ef16891a186421f29e41eea0aa0f9ddb1e95275c86d0 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments