MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 67590b3aeb86b4c7738c29271f40919326efc7003a39337ddf0be0e1873224f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 67590b3aeb86b4c7738c29271f40919326efc7003a39337ddf0be0e1873224f0
SHA3-384 hash: 8f4fed554c9f6f96a0670d0c2ae3d715c58a3bd4d59a94cb5453f6484a3fc960390ff3af0bf7e95f448673cb05e15fee
SHA1 hash: bdbfe4c34945703acdca1539b7d3a9a93a4c1313
MD5 hash: 090ffab84c87a4718e7d8e36f18f7fbf
humanhash: bakerloo-paris-fifteen-purple
File name: BUNKER ESTIMATE.zip
Signature: Loki
File size: 186'376 bytes
First seen: 2020-07-03 06:21:10 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:524mKQ1QdxstS1abt6ZLyjUfBDXQs0Wf0uFKZVFuXl+mtsyJ/eWL1vgLXXJ+9tqs:TnEkutSAbtWyj6ZXQHuY7c+mHxxeJ+9h
TLSH: D1042285F4F2449390E11F10376935AD3EAA9A156E1BF83801F03AF4FEDB91D1A3752A
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: sigma.elinuxservers.com
Sending IP: 72.34.49.173
From: it@elmercato-italiano.com
Subject: BUNKER ESTIMATE - MV SEA HORSE 10TH JULY.2020
Attachment: BUNKER ESTIMATE.zip (contains "Payment Voucher.exe")

Loki C2:
http://beckhoff-th.com/kon/kon2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Avemariarat
Status: Malicious
First seen: 2020-07-03 06:23:03 UTC
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 67590b3aeb86b4c7738c29271f40919326efc7003a39337ddf0be0e1873224f0

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
