MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a387cf59faa60c6a7791e8e1e7d6513e6f01e0a61da993fbe392e435de843f51. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: a387cf59faa60c6a7791e8e1e7d6513e6f01e0a61da993fbe392e435de843f51
SHA3-384 hash: 9cb840f7f7a293ece03786dfc63ca4fdbb3aaf03db1c44ee2594518b8ec6e468e6b9fa497dd99c6fb0ef14e6c5809824
SHA1 hash: 6044d5e5b42e393da799594ce33e43b1241681aa
MD5 hash: 341a47f7874830764a02f70a7dee2e9a
humanhash: mexico-pluto-white-mountain
File name: PPE Quotation-june 3.pdf_______________________PPE Quotation-june 3.pdf____64464.gz
Signature: Loki
File size: 183'581 bytes
First seen: 2020-06-03 08:55:00 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:671KBIAFnQAk12rHpqJL1BGoXAPuVGf2yeVZyvVO40Pwgh+SHEB9cLs+2Nr1AK6:SKBBnXz+1BGsAk62rbyvVbP9was
TLSH: CE04124F57144F3495B228F0C5A72DFC59A30EC9CAA1964C396DB4DB10628372BABB8C
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: e351425.name-servers.gr
Sending IP: 195.201.38.252
From: Ms Tina  <incomes@genebre.es>
Subject: Re: 50,000pcs KN95 mask Invoice and air rate// total 3.4CBM/29CTNS
Attachment: PPE Quotation-june 3.pdf_______________________PPE Quotation-june 3.pdf____64464.gz (contains "PPE Quotation-june 3.pdf_______________________PPE Quotation-june 3.pdf____64464.exe")

Loki C2:
http://mecharnise.ir/da15/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 05:12:36 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz a387cf59faa60c6a7791e8e1e7d6513e6f01e0a61da993fbe392e435de843f51

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments