MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15598713650e3041f2093a5a7f557584e7ed6a79ae7ec8021c440e4ebd0607b2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15598713650e3041f2093a5a7f557584e7ed6a79ae7ec8021c440e4ebd0607b2
SHA3-384 hash: 9fce25bf6a150ce3c5e1ac84d685c6f58b068ec8fabeec607dcced58321f30425288b417f45a0d549563a05e29f00427
SHA1 hash: f35a414bacba9b0e692ae37ed5b62fdcbb5287e6
MD5 hash: d01e42312f04fc9f5d1a739c5ccee492
humanhash: seven-equal-alaska-black
File name:DHL SHIPMENT.rar
Download: download sample
Signature Loki
Create hunting rule
File size:297'322 bytes
First seen:2020-10-26 10:11:44 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:MuPe5Od0ayO2ukcWT2YBWVPaP3U/qNNLfokchqUKcOMg/yPVRL4+Cip:MuPe5o0ayrTcwfyqNFf9jfagqPVRL4+3
TLSH 765423759B9C326A73DAEEBB87C4558083993D96C32DDB653CB2CF02F0260116296C57
Reporter abuse_ch
Tags:HostGator Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: gateway34.websitewelcome.com
Sending IP: 192.185.148.109
From: dhlSender@dhl.com
Reply-To: purchase@anvinindia.co.in
Subject: Fwd: DHL On Demand Delivery
Attachment: DHL SHIPMENT.rar (contains "r6LEXi0Hzh0EVUm.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15598713650e3041f2093a5a7f557584e7ed6a79ae7ec8021c440e4ebd0607b2/
Threat name:
ByteCode-MSIL.Malware.Burkina
Create hunting rule
Status:
Suspicious
First seen:
2020-10-25 22:34:27 UTC
AV detection:
4 of 48 (8.33%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cvmyoe3fbyyed4qjhjnh6vlvqtt622tzvz7mqaq4iqhe5piga6za._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 15598713650e3041f2093a5a7f557584e7ed6a79ae7ec8021c440e4ebd0607b2

(this sample)

Loki

Executable exe aa62a7c119d52e630f4cd8611896a896f9d4f0a9cb413f2c34e42df42b623385

  
Dropping
MD5 544c367d7a99c6ee38933edcf0237bd6
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 aa62a7c119d52e630f4cd8611896a896f9d4f0a9cb413f2c34e42df42b623385

Comments