MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e821b5d7800df3d0049b41d6c33997b3d710d3b37801704bd2823cc621a678b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: e821b5d7800df3d0049b41d6c33997b3d710d3b37801704bd2823cc621a678b8
SHA3-384 hash: b420e639d809acabe27ab0bdb7066cf143da107d61fd9caa0437cf235a5471eb235b096aa97377b233b5c4fffaeccce7
SHA1 hash: 3f62e2a22125bbb27ca9f75915162639d04cfb81
MD5 hash: 72e478f8aec32822709260549d0ec7a5
humanhash: angel-summer-uncle-victor
File name: PI-BL_SHIPPING DOCUMENT.gz
Signature: Loki
File size: 60'081 bytes
First seen: 2020-05-18 06:35:15 UTC
Last seen: 2020-05-18 11:46:57 UTC
File type: gz
MIME type: application/x-rar
ssdeep: 768:3FrtozEolt/y+7HW1J08ECmzK2ZzzpiD6QbSusebei2OBrpyp1211d8UvYKQlJ2L:3D71+72/08zmz7ptQXeiRBUP21T8WYcL
TLSH: 64430222B832E0EFB1494BE9FA743AC09249562E91D47C70EA4FBC5432794D4F6AE4D1
Reporter: abuse_ch
Tags: gz Loki Maersk


abuse_ch
Malspam distributing Loki:

HELO: rance.com
Sending IP: 173.82.243.253
From: Maersk Line Container Logistics & Supply Chain Services Container Logistics & Supply Chain Services <ca.export@maersk.com>
Subject: ATTN: PI&BL URGENT_SHIPPING_DOCUMENT%
Attachment: PI-BL_SHIPPING DOCUMENT.gz (contains "PI-BL_SHIPPING DOCUMENT.scr")

Loki C2:
http://lmpulsefashion.net/four/gates3/fre.php

Intelligence


File Origin
# of uploads: 3
# of downloads: 87
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-05-18 07:35:42 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 25 of 48 (52.08%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz e821b5d7800df3d0049b41d6c33997b3d710d3b37801704bd2823cc621a678b8 (this sample)

Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments