MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e830221f8aa58784f7c61de9d9d176ca4e3b1238c8418be460bced3d3160229c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e830221f8aa58784f7c61de9d9d176ca4e3b1238c8418be460bced3d3160229c
SHA3-384 hash: 8555c005ac1c3f71e499298153d7a360d1a0249029a0da9ae95b585908610f5b7b5eab2f8d9eea3b3b0ea03f9b7e9451
SHA1 hash: 9e335be3d9a3e4e5f71e7c22ed73f1071bd69ff8
MD5 hash: e35d6b2e3313a2a5900ec569805ce407
humanhash: sixteen-kilo-river-twenty
File name:HỢP ĐỒNG NGUYÊN TẮC 2020_YOUNGONE_MALIE LIÊN_PDF.gz
Download: download sample
Signature Loki
Create hunting rule
File size:232'785 bytes
First seen:2020-08-18 19:28:41 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:SmzwAUTzpE59e3aXCnvjVsyp4gR45qkZvNQOIhDwE/:rzwbKeqSvlp7Uvudf
TLSH 9734232F09AC01A36AB7D8F9771810D204A0C07E5A5F64CF6CB94E587676E422C63FDB
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail.cadantune.xyz
Sending IP: 161.129.65.34
From: Nhung|Sales <nhung.sales@youngonevn.com>
Subject: RE: [TNF] NJ3NL51N PO.
Attachment: HỢP ĐỒNG NGUYÊN TẮC 2020_YOUNGONE_MALIE LIÊN_PDF.gz (contains "HỢP ĐỒNG NGUYÊN TẮC 2020_YOUNGONE_MALIE LIÊN_PDF.exe")

Loki C2:
http://kibossuqarmen.com/kakka/kaka6/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e830221f8aa58784f7c61de9d9d176ca4e3b1238c8418be460bced3d3160229c/
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-08-18 05:22:30 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ayceh4kuwdyj56gdxu5tulwzjhdweryzbayxzdaxtwt2mlaekoa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e830221f8aa58784f7c61de9d9d176ca4e3b1238c8418be460bced3d3160229c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip e830221f8aa58784f7c61de9d9d176ca4e3b1238c8418be460bced3d3160229c

(this sample)

Loki

Executable exe 3b1564b4a7a7d2de0de1dabb739602b50eabcbc935b9171cbda405b1646b32f1

  
Dropping
MD5 32e5f7ad6ea4b3811b73e22488ee5c4a
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 3b1564b4a7a7d2de0de1dabb739602b50eabcbc935b9171cbda405b1646b32f1

Comments