MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0deb3c89923d6dd8956133ff80f3b2fb2f14035abd77c45e186211e719d2dc72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 0deb3c89923d6dd8956133ff80f3b2fb2f14035abd77c45e186211e719d2dc72
SHA3-384 hash: 6c2e2d11dd9940c47191c695787b595bf4132cc40a5182c02ce909eaed663dc886f1ad0a3cc0d357aa668bc7d8c20127
SHA1 hash: 48a52fe8b2bbb3f900f0c3fc7d06192279391668
MD5 hash: 9192dc3e7e8d3ec650a134ed08604d02
humanhash: floor-alanine-delta-utah
File name: 202010276184023534_0001.pdf.arj
Signature: Loki
File size: 459'831 bytes
First seen: 2020-10-27 10:18:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:YiuLwNSSg3cokqkAIwGW+VYOQVAqmjdU22:Hu0zpokqkbVfQVjm5U22
TLSH: 20A423C6F9E3BEE6BD16C6368F3B3274EDD00E5B6D91A3534306D906811ED64A0D70A4
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing Loki:

HELO: cpshared6.tedata.net
Sending IP: 213.158.180.197
From: account021@yeonsungship.com
Subject: Full set of shipping document for 14 x 20FCL ETA 11.13.20
Attachment: 202010276184023534_0001.pdf.arj (contains "202010276184023534_0001.pdf.exe")

Loki C2:
http://sieqwarteg.com/chief/alhaji/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 81
Origin country: n/a

Vendor Threat Intelligence

Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-27 03:30:21 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 0deb3c89923d6dd8956133ff80f3b2fb2f14035abd77c45e186211e719d2dc72 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
