MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 231a2f45a4219ebaf9491e1098bc12c7284e13dd22ed823aa670e7ec08a8c199. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 231a2f45a4219ebaf9491e1098bc12c7284e13dd22ed823aa670e7ec08a8c199
SHA3-384 hash: d63be1039cb04cc2e3e0289125f6f4675ccdd0b9d5e2667e78ba978af2536bb583316735ce1a9b427e3a8351e30cf919
SHA1 hash: d63fa67839081d60856cd48847ea4264724b8dda
MD5 hash: 8b05baaf849362adc0e5955b6d7883a4
humanhash: west-freddie-three-charlie
File name: QUOTE2020.pdf.gz
Signature: Loki
File size: 172'990 bytes
First seen: 2020-08-18 19:20:24 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:jacxQ4iK4d6F9AGmu0zV4rYZfDRD+0TwaA7IwuWjB6wIPfidFt/knZ7EuGTQ:WuWK4d69dmu0Z+aDa7PueBpAKdTi7L
TLSH: 40F313F61DEF516A6EC9C7470AF8D6BF3C3C9194DC9A2788A9B8D00156A36358C3483C
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.botevgrad.com
Sending IP: 84.22.5.30
From: Lisa Reitschuster <filko@okto7.com>
Subject: *TOP URGENT SUPPLY* QUOTE2020
Attachment: QUOTE2020.pdf.gz (contains "QUOTE2020.pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-18 18:04:07 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 231a2f45a4219ebaf9491e1098bc12c7284e13dd22ed823aa670e7ec08a8c199 (this sample)

Delivery method: Distributed via e-mail attachment
