MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0c12847f0d92b86e28298f6f91d487370d5f26c217d87a916169fec8b82903e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3

SHA256 hash: f0c12847f0d92b86e28298f6f91d487370d5f26c217d87a916169fec8b82903e
SHA3-384 hash: 403ca45563cd5d76fd845580311892919006020e292b3961e729038b08381a165bdaa8bf5a2f7eb7f9e6bb4371756d49
SHA1 hash: e1e91242cfa8f67fd3df42c6ab00420220ce67f9
MD5 hash: 055b556a25a7905a7a5f6d8817a214a2
humanhash: ten-speaker-floor-steak
File name: swift copy_pdf.arj
Signature: Loki
File size: 978,242 bytes
First seen: 2020-04-29 16:58:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:ptLJNUpB8r3kkON9+yy6W2FRXEl0/K8ezm:PJUBK3m+X65x/Kbm
TLSH: 49252334859B00590ED1D113711D99C2FEB0DFF2A9D290A676F702CCA7F1A49A9BDA2C
Reporter: abuse_ch
Tags: arj Loki

Note the mismatch between the .arj extension in the file name and the recorded file type and MIME type (zip, application/zip): identify the container by its magic bytes rather than trusting either label before unpacking.
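The hashes, size and file type listed above are what a downloaded copy should be checked against before anything in it is opened. The following is an added example, not MalwareBazaar's code: it verifies the listed digests and size, sniffs the container by magic bytes so the .arj name and the zip MIME type can be reconciled, lists the archive members without extracting them, and flags executable member names. The bytes it runs on are a constructed stand-in zip carrying the member name given in the reporter's comment on this entry, so the digest and size comparison is expected to fail on it; pass the real download to `triage()` to compare for real. ssdeep and TLSH are left out because they need third-party libraries.

```python
"""Triage of an archive sample against the MalwareBazaar metadata for this
entry. Added example, not MalwareBazaar code. The sample bytes used when run
directly are a constructed stand-in, not the real sample."""
import hashlib
import io
import zipfile

# Digests and size exactly as listed on the page for this entry.
EXPECTED = {
    "sha256": "f0c12847f0d92b86e28298f6f91d487370d5f26c217d87a916169fec8b82903e",
    "sha1": "e1e91242cfa8f67fd3df42c6ab00420220ce67f9",
    "md5": "055b556a25a7905a7a5f6d8817a214a2",
    "sha3_384": "403ca45563cd5d76fd845580311892919006020e292b3961e729038b08381a165bdaa8bf5a2f7eb7f9e6bb4371756d49",
}
EXPECTED_SIZE = 978242

# Magic bytes for the two formats the file name and the MIME type disagree about.
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
ARJ_MAGIC = b"\x60\xea"

# Member extensions worth flagging in a mail attachment (assumed list).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar")


def compute_hashes(data: bytes) -> dict:
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_hashes(data: bytes, expected: dict = EXPECTED) -> dict:
    """Return {algorithm: matches} for every digest in `expected`."""
    actual = compute_hashes(data)
    return {algo: actual[algo] == digest.lower() for algo, digest in expected.items()}


def sniff_container(data: bytes) -> str:
    """Identify the container by leading bytes, ignoring the file name."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(ARJ_MAGIC):
        return "arj"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the name's extension disagrees with the sniffed container."""
    ext = filename.lower().rsplit(".", 1)[-1] if "." in filename else ""
    container = sniff_container(data)
    return container != "unknown" and ext != container


def list_zip_members(data: bytes) -> list:
    """List (name, uncompressed size) for each member; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(info.filename, info.file_size) for info in zf.infolist()]


def flag_executables(members) -> list:
    return [name for name, _ in members if name.lower().endswith(EXEC_EXTS)]


def triage(filename: str, data: bytes) -> dict:
    report = {
        "size_matches": len(data) == EXPECTED_SIZE,
        "hashes": verify_hashes(data),
        "container": sniff_container(data),
        "extension_mismatch": extension_mismatch(filename, data),
        "members": [],
        "executables": [],
    }
    if report["container"] == "zip":
        report["members"] = list_zip_members(data)
        report["executables"] = flag_executables(report["members"])
    return report


def build_stand_in() -> bytes:
    """Constructed stand-in: a zip holding an inert file with the member name
    reported for this sample. Not the real sample; its hashes will not match."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("swift copy_pdf.exe", b"MZ" + b"\x00" * 64)
    return buf.getvalue()


if __name__ == "__main__":
    report = triage("swift copy_pdf.arj", build_stand_in())
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the stand-in, `container` comes back as zip, `extension_mismatch` is true and `executables` lists the .exe member, while every digest comparison is false; on the real download the digests and size should all be true and the member listing should show the executable the reporter names.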


abuse_ch
Malspam distributing Loki:

HELO: www11.serv.ge
Sending IP: 91.212.213.96
From: tours@freetravel.ge
Subject: Please see payment slip for PO # 4147670
Attachment: swift copy_pdf.arj (contains "swift copy_pdf.exe")

Loki C2:
http://alforcargo.com/cake/five/fre.php
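The indicators in the report above (HELO, sending IP, sender, subject, attachment name and the C2 URL) are what a responder would sweep mail and proxy logs for. The following is an added example of that sweep in Python, not MalwareBazaar's or the reporter's code: the indicator values are copied from the report, while the mail-gateway log lines, the proxy log lines and their key=value and space-separated formats are constructed for the example. Requests to the exact C2 URL are reported as a strong match; traffic to the bare host is reported separately as a weaker one, since the entry lists only the full URL.

```python
"""Sweep constructed mail-gateway and proxy logs for the indicators given in
the abuse_ch report on this entry. Added example; log formats are assumed."""
import re
from urllib.parse import urlsplit

# Indicators exactly as given in the report.
IOC = {
    "helo": "www11.serv.ge",
    "sending_ip": "91.212.213.96",
    "from": "tours@freetravel.ge",
    "subject": "Please see payment slip for PO # 4147670",
    "attachment": "swift copy_pdf.arj",
    "c2_url": "http://alforcargo.com/cake/five/fre.php",
}
C2 = urlsplit(IOC["c2_url"])  # hostname alforcargo.com, path /cake/five/fre.php

# Constructed mail-gateway log; key=value fields, quoted where values have spaces.
MAIL_LOG = """\
ts=2020-04-29T16:50:01Z helo=www11.serv.ge ip=91.212.213.96 from=tours@freetravel.ge subject="Please see payment slip for PO # 4147670" attach="swift copy_pdf.arj"
ts=2020-04-29T16:51:12Z helo=mail.example.org ip=203.0.113.10 from=alice@example.org subject="Lunch?" attach=""
ts=2020-04-29T16:52:40Z helo=www11.serv.ge ip=91.212.213.96 from=tours@freetravel.ge subject="Please see payment slip for PO # 4147670" attach="swift copy_pdf.arj"
ts=2020-04-29T16:53:03Z helo=smtp.example.net ip=198.51.100.7 from=bob@example.net subject="Re: invoice" attach="invoice.pdf"
"""

# Constructed proxy log: timestamp, internal source, method, URL.
PROXY_LOG = """\
2020-04-29T17:01:55Z 10.0.0.15 POST http://alforcargo.com/cake/five/fre.php
2020-04-29T17:02:10Z 10.0.0.22 GET http://www.example.com/
2020-04-29T17:05:31Z 10.0.0.15 POST http://alforcargo.com/cake/five/fre.php
2020-04-29T17:06:00Z 10.0.0.31 GET http://alforcargo.com/
"""

# key=value or key="value with spaces"
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

# (indicator name, log field) pairs checked per mail line, in report order.
MAIL_FIELDS = (
    ("sending_ip", "ip"),
    ("helo", "helo"),
    ("from", "from"),
    ("subject", "subject"),
    ("attachment", "attach"),
)


def parse_kv(line: str) -> dict:
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def scan_mail_log(text: str) -> list:
    """Return (line number, [matched indicators]) for each line with a hit."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = parse_kv(line)
        hits = [name for name, field in MAIL_FIELDS if fields.get(field) == IOC[name]]
        if hits:
            results.append((n, hits))
    return results


def scan_proxy_log(text: str) -> list:
    """Return (line number, source, kind); kind is c2_url for the exact URL
    or c2_host for any other request to the same host (weaker indicator)."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 4:
            continue
        src, url = parts[1], parts[3]
        u = urlsplit(url)
        if u.hostname == C2.hostname and u.path == C2.path:
            results.append((n, src, "c2_url"))
        elif u.hostname == C2.hostname:
            results.append((n, src, "c2_host"))
    return results


def hosts_contacting_c2(text: str) -> set:
    """Internal sources that reached the exact C2 URL: candidates for isolation."""
    return {src for _, src, kind in scan_proxy_log(text) if kind == "c2_url"}


if __name__ == "__main__":
    for n, hits in scan_mail_log(MAIL_LOG):
        print(f"mail line {n}: {', '.join(hits)}")
    for n, src, kind in scan_proxy_log(PROXY_LOG):
        print(f"proxy line {n}: {src} {kind}")
    print("contacted C2:", sorted(hosts_contacting_c2(PROXY_LOG)))
```

A mail line is reported with every indicator it matched, so a hit on the sending IP alone (the same mail server used for a different lure) is distinguishable from the full campaign fingerprint; on the proxy side only the exact-URL matches feed the isolation list.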

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-29 17:35:41 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
Sample: zip f0c12847f0d92b86e28298f6f91d487370d5f26c217d87a916169fec8b82903e (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
