MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 491cddb5912f901f81f8b0d321811fbbc632eba9bad44ea5168eb296a999753b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 491cddb5912f901f81f8b0d321811fbbc632eba9bad44ea5168eb296a999753b
SHA3-384 hash: 161f1f84d2c985cc9f85bb12e86915d503721cbfbb392ff9e9c1826459425ab569f43c54bf7976e21feac8c888ee41bd
SHA1 hash: 0869e224c5b5158ff3db7b28a08d039f356f0b42
MD5 hash: a26af2d4d2fc36b7223df26419e36538
humanhash: aspen-california-diet-seven
File name: FedEx Invoice BKK0005254282.gz
Signature: Loki
File size: 342'111 bytes
First seen: 2020-05-14 14:55:35 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:K9D6LZh2AQXdBbrBS8zjvlewobIit4qi9Nl/rwJLV1R2TUGJet0B:yob2AwHrBS8kwNS49chV1wTxl
TLSH: A07423EF2F7FA618C96C8843045697AEEBB7670CD04189B99632F7E933D50CE1812C65
Reporter: abuse_ch
Tags: FedEx gz Loki


abuse_ch
Malspam distributing Loki:

HELO: ip-172-31-21-154.ec2.internal
Sending IP: 54.145.164.71
From: FedEx <FedEx@message.fedex.com>
Reply-To: FedEx EXPRESS <donotreply@fedex.com>
Subject: FedEx Shipment Notification:Your Latest FedEx Invoice BKK0005254282
Attachment: FedEx Invoice BKK0005254282.gz (contains "FedEx Invoice BKK0005254282.exe")

Loki C2:
http://missingandfound.com.my/mb/Panel/fre.php

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 81
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-14 15:35:37 UTC
File type: Binary (Archive)
Extracted files: 318
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: Loki, gz 491cddb5912f901f81f8b0d321811fbbc632eba9bad44ea5168eb296a999753b (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments