MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76feaa01eab32fc1d0715a31c52de79283e9aa6dab6d275eda85d39340422186. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 76feaa01eab32fc1d0715a31c52de79283e9aa6dab6d275eda85d39340422186
SHA3-384 hash: 4c8aa348a8f2d66aaa2e6531d523fd1da4f15007e6144b44f13815e3b4251f80685fdd69c8deac400df6bdcad9cb7a6c
SHA1 hash: 37d793dfd32ed79a240316a20c4a6606f9f9f3c4
MD5 hash: a32cdca7aeecc2f7e6bfa884c2b60dc3
humanhash: mountain-grey-batman-robert
File name: DHL Consignment Details_pdf.gz
Signature: Loki
File size: 338'045 bytes
First seen: 2020-08-20 09:13:32 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:REBsA6bVQzytZ+osD5i9y9/gbMVRd+K6TItSlf9JoXS:FAeQzyLVPyKazYI8/oXS
TLSH: 5B74239DB903287D98E1F003D1F501AC11B465D26EA7352598EAC0FD2CC6AB7294CEBE
Reporter: cocaman
Tags: gz, Loki


cocaman
Malicious email
From: DHL express<service@dhl.com>
Received: from iux0.312.metalvxini.ml (iux0.312.metalvxini.ml [142.93.241.181])
Date: Thu, 20 Aug 2020 02:11:26 -0700
Subject: DHL Consignment Details
Attachment: DHL Consignment Details_pdf.gz

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.LokiBot
Status: Malicious
First seen: 2020-08-20 09:15:07 UTC
File Type: Binary (Archive)
Extracted files: 10
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 76feaa01eab32fc1d0715a31c52de79283e9aa6dab6d275eda85d39340422186 (this sample)

Delivery method: Distributed via e-mail attachment
