MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a22717d866d79bb6f31111ca550020b66f1d2f8d0fbc15696ced0e18ae4e64ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a22717d866d79bb6f31111ca550020b66f1d2f8d0fbc15696ced0e18ae4e64ad
SHA3-384 hash: d2eb739bb8da270ee8841b8ac63e000dbde4a3cf9d408526732416ce4819cbff1381bbd5b96e70c344d752e16c2437ce
SHA1 hash: 600472f26b2d81040cd9f3001de3521f21b8e33e
MD5 hash: 414e7c5cd8ca0a683bd43c2717bfccf3
humanhash: summer-wyoming-carbon-sad
File name:file.zip
Download: download sample
Signature Loki
Create hunting rule
File size:749'818 bytes
First seen:2020-05-28 06:46:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:eG2TtZ2kEuYN1ye9AfQEVGdXP7jN2BxRmk71SbYYNiHC5IovrIOd8GI5ggNe:Z2RZGKe+AdPw8KQYY4+v58l5Ds
TLSH 29F423DE856B20CFAB1F525932D8D38BBC10A51A23523D5D1E1E16C3975C3AD8332EE8
Reporter abuse_ch
Tags:Loki RAT RemcosRAT zip


Avatar
abuse_ch
Malspam distributing RemcosRAT:

HELO: mail.mowindra.ml
Sending IP: 173.82.238.253
From: CEF-TPE / Vivian Chen <admin@mowindra.ml>
Subject: S/ 翰聯 SHA TO CHICAGO LCL 提單草稿 ETD: 5/30 / BT2005030
Attachment: file.zip (contains "file.scr")

RemcosRAT C2:
188.72.124.143:2858

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.Artemis3956A314271F.14689.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-28 07:43:26 UTC
File Type:
Binary (Archive)
Extracted files:
588
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip a22717d866d79bb6f31111ca550020b66f1d2f8d0fbc15696ced0e18ae4e64ad

(this sample)

RemcosRAT

Executable exe 9c76803cb5acd81ad611eed2bc4daa50f1a4e27cd2cea75e40f0d5011047e2a9

  
Dropping
MD5 6c7b002d23f38600926eba53eb0126cf
  
Dropping
RemcosRAT
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9c76803cb5acd81ad611eed2bc4daa50f1a4e27cd2cea75e40f0d5011047e2a9

Comments