MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c3312eb3284614098a9bfb8e90bff74666fa9dcc4d2c62cb2ba06722b04892c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 0c3312eb3284614098a9bfb8e90bff74666fa9dcc4d2c62cb2ba06722b04892c
SHA3-384 hash: 14f5db721269d26cbe71904891df4eed7b634671484c4181991afb9269db38bf725f23e887041f560e7dae58acd31bc2
SHA1 hash: 32bcbb7f7a41d6dbae9f912209b5e7564d3e4c2c
MD5 hash: 720adc385cf2f3088b960aed5c5faa1d
humanhash: fruit-hotel-magnesium-winner
File name: Shipping documentsBL,PL,INVpdf.arj
Signature: Loki
File size: 234'430 bytes
First seen: 2020-11-26 06:38:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:uyBHs//g5W2AH662Nk026e2gur6TW7OTkN:5cn66Qj/6TWKIN
TLSH: 493412B28161CBA9DBD13A301FE57E6E8EB5AA957444C6872CFC34F9580CDF6B01894C
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: ns1.realsunucu.com
Sending IP: 217.195.198.51
From: Apex Maritime Co. (ORD), INC <kelly_kuang@apexshipping.com>
Subject: ***Urgent**Draft Shipping Instruction
Attachment: Shipping documentsBL,PL,INVpdf.arj (contains "Shipping documents(BL,PL,INV)pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 106
Origin country: n/a
Vendor Threat Intelligence
Result
Gathering data
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2020-11-26 06:39:04 UTC
AV detection: 19 of 48 (39.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 0c3312eb3284614098a9bfb8e90bff74666fa9dcc4d2c62cb2ba06722b04892c

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments