MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d824fcb1cb81ff5406f6a85119a59b82150c6fa77bf2bdfa663c63bcedeb379e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: d824fcb1cb81ff5406f6a85119a59b82150c6fa77bf2bdfa663c63bcedeb379e
SHA3-384 hash: 990e91242dbff93d767778b2e618e0e0d1a6a8461f1c612047cdf9cf5ac731cd6231810a6d09ee00537583746c8fde9b
SHA1 hash: 0056c5037bbdcf7cb2a40413c701b671ea6efc50
MD5 hash: daf58130254fe17db6e59e4ffc482088
humanhash: friend-paris-carbon-colorado
File name: Scan_21000.gz
Signature: Loki
File size: 509'823 bytes
First seen: 2020-06-30 09:02:39 UTC
Last seen: 2020-06-30 09:32:34 UTC
File type: zip
MIME type: application/zip
ssdeep: 12288:5hH3uHk1dZbJS12pjrDY04aBrK+7Evhn7HXrL4QVb:T+E1LbJB94YfEhXX
TLSH: 78B42351CDDBD4979DFAACA3EC4BFD59073C93CE5922584A28C62D620E1693A03F36C4
Reporter: @abuse_ch
Tags: gz, Loki


Twitter (@abuse_ch):
Malspam distributing Loki:

HELO: 94-100-28-210.static.hvvc.us
Sending IP: 94.100.28.210
From: Vera <office.e@gmail.com>
Subject: Documents Confirmation
Attachment: Scan_21000.gz (contains "Scan_21000.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: High
# of uploads: 2
# of downloads: 33
Origin country: FR

ClamAV:
PUA.Win.Adware.Slugin-6803969-0
PUA.Win.Adware.Slugin-6840354-0
PUA.Win.Adware.Webalta-6854075-0
PUA.Win.Adware.Webalta-6862190-0
SecuriteInfo.com.Variant.Zusy.307899.10298.11102.UNOFFICIAL
Sanesecurity.Malware.22774.ZipHeur.UNOFFICIAL

CERT.PL MWDB:
Detection: n/a
Link: https://mwdb.cert.pl/sample/d824fcb1cb81ff5406f6a85119a59b82150c6fa77bf2bdfa663c63bcedeb379e/

ReversingLabs:
Status: Malicious
Threat name: Win32.Trojan.Injector
First seen: 2020-06-30 05:20:35 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5

Spamhaus Hash Blocklist: Malicious file
VirusTotal: 41.54% (VirusTotal results)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Malware family: Loki
File: zip d824fcb1cb81ff5406f6a85119a59b82150c6fa77bf2bdfa663c63bcedeb379e (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments