MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8eb2ad059e1055741c84b3fc9053e5aa47544b97bfd410a1f493850c938d39f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8eb2ad059e1055741c84b3fc9053e5aa47544b97bfd410a1f493850c938d39f
SHA3-384 hash: 0bc5e7b33b57ff874e1fcee4b699cd703f10b19fc484b3c5404db43bf49cf1f9fbbc8c6b5a824619a52f2b465294962e
SHA1 hash: f75d5131aa316b638d599ef7ae5d7430127b5f67
MD5 hash: a559eb9215bc7a9682c99bce3e6dd520
humanhash: beer-golf-triple-march
File name:MOH Contact Form 02-07-2020·pdf.zip
Download: download sample
Signature Loki
Create hunting rule
File size:350'658 bytes
First seen:2020-07-02 06:49:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:h8SWpwDXXOm7NitaoXMmLXwHvOr7FVY8TNSMhvhGrRqmHmvdhB8rsKfDeXz7jEtf:hJ0wz7wtawPWO/Fi8ppvhG14B8rrDeDU
TLSH EC7423C93725648F64338A1032734BD35ED11708E49B5F0DA3922BC666FB3B92FA5726
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail.undorthemoure.cf
Sending IP: 64.52.175.200
From: Joan KANG (MOH) <Joan_KANG@moh.gov.sg>
Subject: URGENT: Request for Information
Attachment: MOH Contact Form 02-07-2020·pdf.zip (contains "MOH Contact Form 02-07-2020·pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Fareit-6863179-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.27245.ZipHeur.HideExt.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8eb2ad059e1055741c84b3fc9053e5aa47544b97bfd410a1f493850c938d39f/
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 06:51:06 UTC
AV detection:
23 of 48 (47.92%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5dvsvucz4ecvoqoijm74sbj6lkshkrfzpp6uccq7je4fbsjy2opq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip e8eb2ad059e1055741c84b3fc9053e5aa47544b97bfd410a1f493850c938d39f

(this sample)

Loki

Executable exe 251a1c9f67a16ee872307ab31e74f1f4edf4f76ad92a54a31ce14bf9cf8dcd03

  
Dropping
MD5 48b6b78a13b57b1e3492917e87116ff5
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 251a1c9f67a16ee872307ab31e74f1f4edf4f76ad92a54a31ce14bf9cf8dcd03

Comments