MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a1d2e2e92bf727888cd26be51afe974ddb0e20f5c44c1415ef5830878ff2a7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 1a1d2e2e92bf727888cd26be51afe974ddb0e20f5c44c1415ef5830878ff2a7e
SHA3-384 hash: 8a862d5481a23d7830d4d2a0398e680b1f81485585e0f4e21bec25e36668c2fc106b0ad17228978d6c7c70276034a372
SHA1 hash: f31748a2d206e7b23c7c54b2d9f46723450ecb86
MD5 hash: 599eb1a311f4abcfad4cf9b6d355e2f8
humanhash: cardinal-sad-blue-whiskey
File name: Environmental.zip
Signature: Loki
File size: 221'604 bytes
First seen: 2020-06-30 13:07:23 UTC
Last seen: 2020-06-30 21:06:33 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:rZINMq6fij6IoZuCgwYwOJXbVvDenw+oa+TRpyz:6MvfiF4xRWXb0oa+lpu
TLSH: D22423671B83CBFC2E4A855D54CAB4E4015A2251ECAF3612CABC8431525FA94B88BDFC
Reporter: @abuse_ch
Tags: Loki zip


Twitter (@abuse_ch):
Malspam distributing Loki:

HELO: mail.huclangia.gq
Sending IP: 38.130.219.134
From: export@huclangia.gq
Subject: Environmental Products Corporation
Attachment: Environmental.zip (contains "Environmental.exe")

Loki C2:
http://bobbyfile.ml/Bobby/fre.php

Intelligence


Mail intelligence
Trap location: Global
Impact: High
# of uploads: 2
# of downloads: 30
Origin country: FR
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/1a1d2e2e92bf727888cd26be51afe974ddb0e20f5c44c1415ef5830878ff2a7e/
ReversingLabs status: Malicious
Threat name: ByteCode-MSIL.Trojan.Kryptik
First seen: 2020-06-30 13:09:03 UTC
AV detection: 11 of 48 (22.92%)
Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 1a1d2e2e92bf727888cd26be51afe974ddb0e20f5c44c1415ef5830878ff2a7e (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
