MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db7a2045ac204e982e83402c9351f9590d4e847ebbaa313c173d4722e1b19a21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: db7a2045ac204e982e83402c9351f9590d4e847ebbaa313c173d4722e1b19a21
SHA3-384 hash: 87b6d3e0477b70d31e7593abc7b430d7f0f35a87737af7ab053a0ccff97e6586026c7dec8e7f19b135068ab33c4df696
SHA1 hash: 0b8f5f7b4eb0d22f0f9cc61ceccc394a4f8b8f39
MD5 hash: 35a5445920fca69ba137981293c199bc
humanhash: north-oklahoma-orange-one
File name: Attached Documents FYV07072020_pdf.arj
Signature: Loki
File size: 241'514 bytes
First seen: 2020-07-07 09:49:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:YVJNM5dPmlfK9FZbg9LKDLIin7dWQgCthylRUG8JUY/ybhC:YnNmdPEK9A9LKfIi7dNgCthyTUG85/EQ
TLSH: 04342206E0E930F61598565484E037AF4A1CB68E677523C2BAC7FEDEA4F02AF753D844
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing Loki:

HELO: utopia.herosite.pro
Sending IP: 103.108.220.126
From: h.osman@jeanplastllc.com
Subject: Copy of Transfer Receipt From Our Bank
Attachment: Attached Documents FYV07072020_pdf.arj (contains "Attached Documents FYV#07072020_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Negasteal
Status: Malicious
First seen: 2020-07-07 03:33:43 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki zip db7a2045ac204e982e83402c9351f9590d4e847ebbaa313c173d4722e1b19a21 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments