MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25dfb97acd58972c16651dd37ec5df5c6b342332d446e1b0c4b5c883a24c626d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25dfb97acd58972c16651dd37ec5df5c6b342332d446e1b0c4b5c883a24c626d
SHA3-384 hash: fd879bcd292e07517b364a10fa3ea82173060706aef97a2bbc3fc281d515eab6d6002174649f5a04678bc251ce0c42ea
SHA1 hash: 02906cba9c92920b524a747c22ba8d9869fba209
MD5 hash: 839bc8b52f1abe7da312e3365b8cdb7c
humanhash: blossom-maryland-mississippi-tennessee
File name:New Purchase Order DOC.gz
Download: download sample
Signature Loki
Create hunting rule
File size:446'580 bytes
First seen:2020-06-24 05:43:27 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:ShALOF25dS2rASUjLaik15rxxqq5ppPKmu:ShALOFmcWvMaiMTxPc
TLSH 4794235EACF8EBFF20B2D13F866611DF98A8797080A4885F0CDDD841D3926066A51DCF
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail.geveresintl.ga
Sending IP: 185.94.191.33
From: josh@geveresintl.ga
Subject: Re: New Purchase Order and BL
Attachment: New Purchase Order DOC.gz (contains "New Purchase Order DOC.exe")

Loki C2:
http://137.74.86.140/workabroad/logs/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.AIT.Trojan.Nymeria.1583.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25dfb97acd58972c16651dd37ec5df5c6b342332d446e1b0c4b5c883a24c626d/
Threat name:
Win32.Trojan.Pws
Create hunting rule
Status:
Malicious
First seen:
2020-06-24 05:45:05 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=exp3s6wnlclsyftfdxjx5ro7lrvtiizs2rdodmgewxeihismmjwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 25dfb97acd58972c16651dd37ec5df5c6b342332d446e1b0c4b5c883a24c626d

(this sample)

Loki

Executable exe a08f234d2cbb47d289c2cf29d299113049344c7ddf0176256ebc9b65b886554f

  
Dropping
MD5 fcd644be4d1c05013af02d9536b0eb4e
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a08f234d2cbb47d289c2cf29d299113049344c7ddf0176256ebc9b65b886554f

Comments