MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 39703780244658fb4dd650c3471880a75d0c3b65415910990ab5ee6e2906af36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: Loki

Vendor detections: 3



SHA256 hash: 39703780244658fb4dd650c3471880a75d0c3b65415910990ab5ee6e2906af36
SHA3-384 hash: 5017fd87eff40b6640d250fb69ed6c50e4e667ecc00565b5742224740e3949645dc169ba52979563a3f187bfb610fd64
SHA1 hash: 75a41cf0d1243ed33271515a16cd82ea1d9cf35e
MD5 hash: 8c960bb22906a08be65082af36e358c3
humanhash: enemy-kentucky-north-michigan
File name: Purchase Order 4501275347 RMX .pdf.gz
Signature: Loki
File size: 300'254 bytes
First seen: 2020-05-13 10:16:36 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:1zla3ygyWVhfRNX7mP7ghPxXDOzTy2mQf/yaGPxdQYm3ih:l23ffLUg/TpQHyZPph
TLSH: 5B5423EDB9678B583AFF0AD98861FB48FAE19E6405FD3181C19F04D49B405BB584CE34
Reporter: abuse_ch
Tags: gz Loki


Comment from abuse_ch:
Malspam distributing Loki:

HELO: gateway30.websitewelcome.com
Sending IP: 192.185.197.25
From: Ilias Ntarladimas <info@grgroup.in>
Subject: Re:Purchase Order #4501275347BRMX.
Attachment: Purchase Order 4501275347 RMX .pdf.gz (contains "Purchase Order 4501275347 RMX .pdf.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Androm
Status: Malicious
First seen: 2020-05-13 08:54:08 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 28 of 48 (58.33%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
gz: 39703780244658fb4dd650c3471880a75d0c3b65415910990ab5ee6e2906af36 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
