MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c4a1d3d71ac0d61557021ad9ac8536fc1b6d6e2d9dd44da2d6d73c367bb078d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 2c4a1d3d71ac0d61557021ad9ac8536fc1b6d6e2d9dd44da2d6d73c367bb078d
SHA3-384 hash: be1f16eb5a45bf6669a11152e2d384ab2cc240787adffb5a1cf1421a5f24429b1e4ca65bc2462457a95d63775f0da67c
SHA1 hash: 81b32d55ba60cc7c468a6b4eb59e36ac95e405ed
MD5 hash: fea5aca5433cb9de392e6e911e4b6dab
humanhash: winter-sink-tango-oranges
File name: Enquiry 3700013971 21032020.gz
Signature: Loki
File size: 178'352 bytes
First seen: 2020-05-13 06:17:16 UTC
Last seen: 2020-05-13 06:21:07 UTC
File type: gz
MIME type: application/gzip
ssdeep: 3072:3yKcv3N0HFHgqzB+iJYddCpjeerOa55QY/xqlzmuu69nq:3dGN0HFAqzBoDOeYOmQsxqlquu69nq
TLSH: BB0412AC98974693D55DBB1D16953F9896CDC8CCE3A60C2C41D6C2B3A060CF5A9C1FF4
Reporter: abuse_ch
Tags: gz, Loki
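The entry records only the outer .gz archive: its four digests, its size and the file name it arrived under. The following is an added example, not MalwareBazaar code, of how an analyst would triage such an attachment offline before touching the payload: read the file name stored in the gzip FNAME header (that is the name gunzip would write to disk), inflate under a size cap so a small archive cannot bomb the triage box, and compute the same four digests (MD5, SHA1, SHA256, SHA3-384) for both the archive and the inflated payload, then classify the payload by magic bytes. The archive bytes used here are constructed in `build_sample()` as a stand-in (a gzip of a fake MZ stub); the inner `.exe` name is an assumption, since the page gives only the outer file name, and the digests it produces will not match the ones listed above.

```python
"""Offline triage of a gzip e-mail attachment such as the one in this entry.

Added example, not MalwareBazaar code.  The archive bytes built below are a
constructed stand-in for the real sample, so the digests printed will not
match the ones on the page.
"""
import gzip
import hashlib
import io
import struct
from typing import Dict, Optional

# Cap on inflated size: a 178 KB archive that inflates to hundreds of MB is a
# warning sign in itself, and the cap keeps a decompression bomb off the box.
MAX_INFLATED = 64 * 1024 * 1024


def gzip_member_name(archive: bytes) -> Optional[str]:
    """Read the original file name from the gzip FNAME header field without inflating."""
    if len(archive) < 10 or archive[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    if archive[2] != 8:
        raise ValueError("unsupported gzip compression method %d" % archive[2])
    flags = archive[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & 0x04:  # FEXTRA comes first: 2-byte length, then that many bytes
        (xlen,) = struct.unpack_from("<H", archive, pos)
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: NUL-terminated, ISO-8859-1
        end = archive.index(b"\x00", pos)
        return archive[pos:end].decode("latin-1")
    return None


def inflate_bounded(archive: bytes, limit: int = MAX_INFLATED) -> bytes:
    """Decompress, refusing to produce more than `limit` bytes of output."""
    with gzip.GzipFile(fileobj=io.BytesIO(archive), mode="rb") as gz:
        payload = gz.read(limit + 1)  # read one byte past the cap to detect overflow
    if len(payload) > limit:
        raise ValueError("inflated payload exceeds %d bytes" % limit)
    return payload


def hash_set(blob: bytes) -> Dict[str, str]:
    """The four digests MalwareBazaar lists for a sample."""
    return {name: hashlib.new(name, blob).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha3_384")}


def payload_kind(payload: bytes) -> str:
    """Classify the inflated payload by its magic bytes."""
    if payload[:2] == b"MZ":
        return "pe"  # Windows executable; a .NET (MSIL) Loki stub lands here too
    if payload[:4] == b"\x7fELF":
        return "elf"
    if payload[:2] == b"PK":
        return "zip"
    return "unknown"


def triage(archive: bytes, limit: int = MAX_INFLATED) -> dict:
    """Hash the archive, read the embedded name, inflate safely, then hash and classify the payload."""
    member = gzip_member_name(archive)
    payload = inflate_bounded(archive, limit)
    return {
        "archive_hashes": hash_set(archive),
        "member_name": member,
        "payload_size": len(payload),
        "payload_kind": payload_kind(payload),
        "payload_hashes": hash_set(payload),
    }


def build_sample() -> bytes:
    """Constructed stand-in for the attachment (NOT the real sample): a gzip whose
    FNAME is an .exe (an assumption; the page only gives the outer .gz name) and
    whose content starts with a DOS MZ stub, padded to 512 bytes."""
    fake_pe = (b"MZ" + b"\x90" * 62
               + b"This program cannot be run in DOS mode.").ljust(512, b"\x00")
    buf = io.BytesIO()
    with gzip.GzipFile(filename="Enquiry 3700013971 21032020.exe",
                       mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(fake_pe)
    return buf.getvalue()


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(key, value)
```

Run it on the real attachment by replacing `build_sample()` with the bytes of the downloaded archive; the `archive_hashes` entry should then reproduce the four digests listed in this entry, and `member_name` tells you what gunzip would have written to disk without ever executing it.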


abuse_ch
Malspam distributing Loki:

HELO: irisinnovations.in
Sending IP: 185.222.58.150
From: Faith Lang <office@irisinnovations.in>
Subject: Enquiry 3700013971 21/03/2020
Attachment: Enquiry 3700013971 21032020.gz (contains "gunzipped")

Loki C2:
http://scarfponcho.com/notsite/five/fre.php

Intelligence


File Origin
# of uploads: 2
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-13 06:36:52 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 21 of 31 (67.74%)
Threat level: 2/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  gz 2c4a1d3d71ac0d61557021ad9ac8536fc1b6d6e2d9dd44da2d6d73c367bb078d (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
