MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2753b9ad434e6728179577c1e7ba3cb1a156ff262a719cc01feb2b54b0c0383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: Loki
Vendor detections: 3


SHA256 hash: f2753b9ad434e6728179577c1e7ba3cb1a156ff262a719cc01feb2b54b0c0383
SHA3-384 hash: e0b65f691e6145c58b9b00f31f19a6d96b871cdf74ef8a0b6fa4e0bdb07d864d7ab007315e2983d408f96c5b9c2102e1
SHA1 hash: 66d11b8ab83b64bad77c74add493429cc2519588
MD5 hash: 6c5a8190f1be0dae17b1e6844a5892cc
humanhash: gee-thirteen-mango-enemy
File name: shipping Doc-410411_pdf.gz
Signature: Loki
File size: 338'377 bytes
First seen: 2020-05-21 10:06:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:nir165xga2i4cul0xNSXP0sCvdyW/OcYlxppSULFe//FTZmI:ixw92i4RBXkyTcwxppSU5a/Fx
TLSH: 4F7423EDC1C0F8254AF322958B595D2ACA4CDF8A5E3B11A10B1C52A7FE23954E8F18D9
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: server.laoairlines.com
Sending IP: 61.19.247.238
From: "WOONAM LOGISTICS CO., LTD." <woonam@woonamlogistic.co.kr>
Subject: **URGENT** UNCLEARED SHIPMENT
Attachment: shipping Doc-410411_pdf.gz (contains "Doc-scan410411_pdf.exe")

Loki C2:
http://broken10.cf/LO4/fre.php
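The attachment reported above is a .gz wrapper around an executable whose name ends in "_pdf.exe", so the lure hides behind a document-looking token while the real extension stays executable. The Python script below is an added example, not MalwareBazaar's or abuse.ch's code: it reads the member name stored in the gzip header (RFC 1952 FNAME field), flags a document token sitting in front of an executable extension, confirms the PE/DOS "MZ" magic on the decompressed payload, and hashes both the archive and its contents so the values can be compared with the SHA256/MD5 listed on this page. The archive it inspects is constructed inline from a harmless stub that only begins with "MZ", so it will not reproduce the sample's hashes, and the extension and token lists are assumptions for the example rather than anything the entry states.

```python
import gzip
import hashlib
import re
import struct
import zlib
from typing import Optional

# Executable extensions and "document-looking" tokens used to spot names such
# as "Doc-scan410411_pdf.exe". Both lists are assumptions for this example,
# not taken from the MalwareBazaar entry.
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOC_TOKENS = ("pdf", "doc", "docx", "xls", "xlsx", "jpg", "png")


def build_sample_gz(member_name: str, payload: bytes) -> bytes:
    """Construct a gzip stream (RFC 1952) whose header carries FNAME.

    Used only to build the offline test input; real triage reads the
    attachment bytes from the mail store instead.
    """
    # ID1 ID2 CM=8 (deflate) FLG=0x08 (FNAME) MTIME=0 XFL=0 OS=255 (unknown)
    header = b"\x1f\x8b\x08\x08" + b"\x00" * 4 + b"\x00\xff"
    header += member_name.encode("latin-1") + b"\x00"
    comp = zlib.compressobj(level=9, wbits=-15)  # raw deflate, no zlib wrapper
    body = comp.compress(payload) + comp.flush()
    trailer = struct.pack("<II", zlib.crc32(payload) & 0xFFFFFFFF, len(payload) & 0xFFFFFFFF)
    return header + body + trailer


def gzip_member_name(data: bytes) -> Optional[str]:
    """Return the original file name stored in the gzip header, if present."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flags = data[3]
    pos = 10
    if flags & 0x04:  # FEXTRA: 2-byte length followed by that many bytes
        xlen = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + xlen
    if not flags & 0x08:  # FNAME absent: the only name is the .gz file's own
        return None
    end = data.index(b"\x00", pos)
    return data[pos:end].decode("latin-1")


def looks_like_disguised_executable(name: str) -> bool:
    """True when the real extension is executable but the stem ends in a
    document-looking token, e.g. 'Doc-scan410411_pdf.exe' or 'report.pdf.exe'."""
    lower = name.lower()
    stem, dot, ext = lower.rpartition(".")
    if dot + ext not in EXEC_EXTS:
        return False
    return any(re.search(rf"[_\-. ]{tok}$", stem) for tok in DOC_TOKENS)


def triage(gz_bytes: bytes) -> dict:
    """Hash and classify a .gz attachment without executing anything inside it."""
    name = gzip_member_name(gz_bytes)
    payload = gzip.decompress(gz_bytes)  # raises on a corrupt or truncated stream
    return {
        "archive_sha256": hashlib.sha256(gz_bytes).hexdigest(),
        "member_name": name,
        "member_sha256": hashlib.sha256(payload).hexdigest(),
        "member_md5": hashlib.md5(payload).hexdigest(),
        "member_is_pe": payload[:2] == b"MZ",
        "disguised_executable": name is not None and looks_like_disguised_executable(name),
    }


# Constructed input: a harmless stub that merely starts with the PE/DOS magic.
# It stands in for the real "Doc-scan410411_pdf.exe" and will not reproduce
# the hashes listed on this page.
FAKE_PE = b"MZ\x90\x00" + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 64
SAMPLE_GZ = build_sample_gz("Doc-scan410411_pdf.exe", FAKE_PE)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_GZ).items():
        print(f"{key}: {value}")
```

Two details matter in practice: the gzip header name is attacker-controlled and may be absent, so the script treats a missing FNAME as "no name" rather than trusting the outer file name, and the payload is only hashed and inspected for its magic bytes, never written to disk with its original extension. The archive hash is what you would look up on MalwareBazaar, the member hash is what the dropped executable would show up as on the endpoint.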

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-21 10:37:19 UTC
File type: Binary (Archive)
Extracted files: 296
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: Loki
Sample: zip f2753b9ad434e6728179577c1e7ba3cb1a156ff262a719cc01feb2b54b0c0383 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
