MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1603d427a38375bdc81f2cb28c753f41eb2ec8dd311e7ca03a420f7c87342912. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 1603d427a38375bdc81f2cb28c753f41eb2ec8dd311e7ca03a420f7c87342912
SHA3-384 hash: 94134508ca193dcdc8be5caa2af51aeb36426d4d013c05e7636f7f259415b62f834bfa20720c2e7ae39649c232a32cd8
SHA1 hash: 1ace0976316b674eca5f84369db527c275ffb360
MD5 hash: 29e4d4c90df59444cdaa85fbdf85849b
humanhash: autumn-solar-cat-march
File name: MAHLEP SEEDS SAMPLE.pdf.z
Signature: Loki
File size: 306'567 bytes
First seen: 2020-05-19 07:32:46 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:TV3TGEcHPe3vPLcO+yQaRW/MX8ucoKX3cBhOrcGe5kIxN+R:TIe/PoO+ye/MX8pXMBh9d6R
TLSH: 7D64234FEF18492E6125FBD4F085023CE939399728F7B5EE81AAEB4138573C0219D65D
Reporter: abuse_ch
Tags: Loki, z


abuse_ch
Malspam distributing Loki:

HELO: mail001.datapar.com
Sending IP: 170.238.19.37
From: Mehmet ALTUNTAŞ <mehmet@altunta.com.tr>
Subject: MAHLEP SEEDS & GOLDEN SESAME SEEDS
Attachment: MAHLEP SEEDS SAMPLE.pdf.z (contains "MAHLEP SEEDS SAMPLE.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-19 07:36:05 UTC
File Type: Binary (Archive)
Extracted files: 288
AV detection: 24 of 48 (50.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

z 1603d427a38375bdc81f2cb28c753f41eb2ec8dd311e7ca03a420f7c87342912 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
