MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d374d59be71d9cdccff3dce95f91072b9004d0755ad4b76a786918eb03aff7c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: d374d59be71d9cdccff3dce95f91072b9004d0755ad4b76a786918eb03aff7c2
SHA3-384 hash: 88eeba599bd910f93efc0576a1d496bf4fab28c9c3a07c91bb6101986594a2ce5803ab7c45a40153aa30bd1be7378ef9
SHA1 hash: d5ccaff70b7563163f5bf1eb24af35edec214e09
MD5 hash: eecd4f412610480c7e7424588123940d
humanhash: georgia-venus-illinois-lithium
File name: TNT Express Notification Your shipment.zip
Signature: Loki
File size: 485'439 bytes
First seen: 2020-03-31 11:35:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:jsyq/e6ydRTHMXbVJF3fgYspaiE3He5OnKfkXGBkCgM4Rt/+h:jsyqeQXpgDpdE+OnND9M47/+h
TLSH: 9EA4235C7AD83D7DF40B5270630833C6BAF390E6799CDD1E4867A7C82D25E889891CAC
Reporter: abuse_ch
Tags: COVID-19 Loki zip


abuse_ch
COVID-19 themed malspam campaign distributing Loki:

HELO: host.s102host.com
Sending IP: 206.225.80.195
From: customerservice.sg@tnt.com
Subject: TNT Express Notification/ Your shipment was returned to our office!!!\x0a BECAUSE OF COVID-19 OUTBREAK.
Subject: Your shipment was returned to our office!!! BECAUSE OF COVID-19\x0a OUTBREAK.
Attachment: TNT Express Notification Your shipment.zip
Attachment: Notification Your shipment.zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 93
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-31 12:35:53 UTC
File Type: Binary (Archive)
Extracted files: 61
AV detection: 22 of 47 (46.81%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip d374d59be71d9cdccff3dce95f91072b9004d0755ad4b76a786918eb03aff7c2 (this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
