MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b86043fcc5c33615452217f6fa966b3cbf70b942a6b67676e4b6d791885ff81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3



SHA256 hash: 2b86043fcc5c33615452217f6fa966b3cbf70b942a6b67676e4b6d791885ff81
SHA3-384 hash: 8d3150bb863d212e2c8b0c21118994035f81d021922a488b489e599795cf2bb01cfe85609dc68223945246264ca5070c
SHA1 hash: 6e85e7ee0b59448aeb045466de88cce4cfa93571
MD5 hash: ddd630da79c4ef862bd043d99f5b1667
humanhash: glucose-football-twelve-spring
File name: ZBZ STATEMENT.rar
Signature: Loki
File size: 634'728 bytes
First seen: 2020-11-04 12:37:43 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:+pIlP+39Fa59Lhhj+NyabrV1kCh/Wag+cWyN6AlAvPjQN7Cs3vxgyf:+KZOF6VaIat1thOaVyLiQN1vDf
TLSH: 24D42338EB66BC2D0120175A1E3C0B5DE3A83BC75F317516D5B9D223E41586F02ABFA6
Reporter: cocaman
Tags: Loki rar


cocaman
Malicious email (T1566.001)
From: "Shirley See <accounts@zbzglobal.com>"
Received: "from server.filmworld.tv (server.filmworld.tv [70.32.31.17]) "
Date: "Wed, 04 Nov 2020 05:31:05 +0500"
Subject: "=?UTF-8?Q?RE=3A_Tr=E1=BA=A3_l=E1=BB=9Di=3A_STATEMENT_OF_ACCOUNT_?=
=?UTF-8?Q?-_USD_3=2C179=2E12_//_INVOICE?="
Attachment: "ZBZ STATEMENT.rar"

Intelligence

File Origin
# of uploads: 1
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-04 02:01:57 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
rar 2b86043fcc5c33615452217f6fa966b3cbf70b942a6b67676e4b6d791885ff81 (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Loki
