MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acba51c8cb6025b3490c933a913dc6d4fa95a55288e59864bb2bf04aeaa5b47c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: acba51c8cb6025b3490c933a913dc6d4fa95a55288e59864bb2bf04aeaa5b47c
SHA3-384 hash: 960e23c98da588f344f89af353d8ecb3f23aae6551acb18cb56db099b8b069f98646142c6c217bee702f835125e44fbe
SHA1 hash: 21545e09e17916a56ef76dbfa70687b7d207f552
MD5 hash: 6241246c74d85e8ce79c854d18533785
humanhash: potato-gee-arkansas-pasta
File name: DHL 821673378900____pdf____.bz
Signature: Loki
File size: 23'388 bytes
First seen: 2020-05-07 09:56:35 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 384:QjOmLRNFg457SKo784TkK60FSXQrD99th0mywgMl6mMIllslOxWQyMfOZ64rdZXy:OhNd1z0AYZ9g9xMiIlYOxjyMfOZJxo
TLSH: F0B2E185CAF32196CC799209B3B42585DC23232E17017CEB9DC351F59EA392137F4947
Reporter: cocaman
Tags: bz Loki


cocaman
Malicious email
From: "DHL EXPRESS" <orders@marine.com>
Received: from marine.com (hwsrv-723342.hostwindsdns.com [142.11.196.159])
Date: 07 May 2020 02:36:07 -0700
Subject: Your DHL Shipment Notification : 821673378900
Attachment: DHL 821673378900____pdf____.bz

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-07 09:59:59 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar acba51c8cb6025b3490c933a913dc6d4fa95a55288e59864bb2bf04aeaa5b47c (this sample)

Delivery method: Distributed via e-mail attachment
