MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e9e6253da6a760c1ca8da08de21590d3ab494f18144dd5562b83f1c87622f57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 2



SHA256 hash: 5e9e6253da6a760c1ca8da08de21590d3ab494f18144dd5562b83f1c87622f57
SHA3-384 hash: 415b0653af72307c93b9d525095363c8054f3a78b22c86f4bf08bf996d8892a07faf37f4dc2bcf42db0d9e90cf319efc
SHA1 hash: a920441fb7b98202469622a6ed68ffb03ab01318
MD5 hash: 7bd1696730b1c5e849585a247c401dd7
humanhash: eight-sodium-oranges-indigo
File name: Quote covid-19 kit KN95 mask Invoice and air rate__pdf_____545.gz
Signature: Loki
File size: 154'643 bytes
First seen: 2020-05-27 18:00:27 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:R/B8aPWaR/COWWH+qDKRd/lJUjBeHVEc6ftZITTsDR/ZZc1S6O76u6T+9+pm:FB/PWG/iWH+qDAlwBeGcbcHo47oI7
TLSH: 6FE3125046C63446761BE31B2D92BB08A6F5AEE4C6E1181AC4BC2F2F68C5761C5E732E
Reporter: abuse_ch
Tags: COVID-19 gz Loki


abuse_ch
Malspam distributing Loki:

HELO: xray747.startdedicated.net
Sending IP: 188.138.88.201
From: Tina <info@dreamsraft.gr>
Subject: Re: 50,000pcs covid-19 kit KN95 mask Invoice and air rate
Attachment: Quote covid-19 kit KN95 mask Invoice and air rate__pdf_____545.gz (contains "Quote covid-19 kit KN95 mask Invoice and air rate__pdf_____545.exe")

Loki C2:
http://mecharnise.ir/da15/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Inject
Status: Malicious
First seen: 2020-05-27 18:37:20 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz 5e9e6253da6a760c1ca8da08de21590d3ab494f18144dd5562b83f1c87622f57 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments