MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba46101e58b075df9a300ed776d83ce3391fc19c78ae36f64e7e7daea43892ca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba46101e58b075df9a300ed776d83ce3391fc19c78ae36f64e7e7daea43892ca
SHA3-384 hash: e78197b4c4f52fe961d20c4e3d967020615264f4d94550585e717765eb3c80d7e339d084962b1c0c3d1b5fa0d3c72ba9
SHA1 hash: 8ab873c3757b2abfc892208d6ce9e6aaf06135f7
MD5 hash: e38e4129a77cec7e0975c0ee203c3f44
humanhash: pizza-alanine-july-coffee
File name:Techinical sheet.zip
Download: download sample
Signature Loki
Create hunting rule
File size:225'832 bytes
First seen:2020-06-10 10:33:34 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:JsZ0akgNbJYv3tfCcNKDuCwrHN1204+lyMJkPokRRA:+NbA3tfeYrt1RLly9HRS
TLSH 6E24238026C92506A0CE9BF5D0E0A9AF566DF8C61574B52F1C9033AC93F6D732392ED3
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: 77-72-3-56.hosted-at.kloud.co.uk
Sending IP: 77.72.3.56
From: Talaat Shawky <oldch@canterburyoldchoristers.org.uk>
Reply-To: Talaat Shawky <biz@boardss.de>
Subject: YANAR Trading - RFQ Products
Attachment: Techinical sheet.zip (contains "Techinical sheet.exe")

Loki C2:
http://eloquentcs.com/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WGM.15228.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-06-10 10:35:09 UTC
AV detection:
25 of 48 (52.08%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=xjdbahsywb257grqb3lxnwb44m4r7qm4pcxdn5sopz625jbyslfa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip ba46101e58b075df9a300ed776d83ce3391fc19c78ae36f64e7e7daea43892ca

(this sample)

Loki

Executable exe cf13202e5434ed24d8aa3c5c726735a4b3937269f44963bd6476467b63ab8a5e

  
Dropping
MD5 e8208226cb70355f5194ce0532964267
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cf13202e5434ed24d8aa3c5c726735a4b3937269f44963bd6476467b63ab8a5e

Comments