MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c2fc4a5528cd14d48243587cf7a9df2298fc535a9cef4e58de3b148d08963742. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: c2fc4a5528cd14d48243587cf7a9df2298fc535a9cef4e58de3b148d08963742
SHA3-384 hash: 5cafbdc6231285786fa0debc950cba349bb1f7fefe6d8e0614563b0fdf48179ad5f6023aeaa4522674b8c9adee540d77
SHA1 hash: db392ffee1a9583f1ad1d85f1abb872db8d1b40a
MD5 hash: 9faf4f96bf10e0b39ad356ab5762b98e
humanhash: alpha-fish-arizona-nebraska
File name: order list.zip
Signature: Loki
File size: 262'842 bytes
First seen: 2020-08-18 13:17:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:zqELq9fyeOAKdueBJPEVIpIckB1tCMuLoTaLP4gpx5JPaOm1p4Dbj3HMKOC0f+E/:zq9fWAyuPVIpIpxzTaLbJm1s3WSJxI
TLSH: 0144236791858D04306F26C7BC3092FDE7B5F9A8B94510480B0BE6DCE16E859D66ECCF
Reporter: abuse_ch
Tags: Loki, zip


abuse_ch
Malspam distributing Loki:

HELO: e-server.org
Sending IP: 103.11.67.137
From: Lumumba <lumumba@mail.com>
Subject: New Order
Attachment: order list.zip (contains "PH_crypted.exe")

Loki C2:
http://meublesinde.in/ph/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-18 03:23:58 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip c2fc4a5528cd14d48243587cf7a9df2298fc535a9cef4e58de3b148d08963742

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
