MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3086de80bc801980e104f92b4170f025e389edd2ec007efd3b741aecc7bb4efa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3086de80bc801980e104f92b4170f025e389edd2ec007efd3b741aecc7bb4efa
SHA3-384 hash: b7305f56a7d29e20fe6cbdfba122a14c24c4478efea82607cd0cc658b8b8324686daa13c47261ef883603c17d8e2d9e5
SHA1 hash: c2abe1470a43cd1de5af8ad7a710f1cc3d89d21c
MD5 hash: b77278bf90c26c2e6136a2ecd6a24b55
humanhash: fourteen-stairway-edward-kilo
File name:DHL_AWB_INV_9882900_99862788_998.rar
Download: download sample
Signature Loki
Create hunting rule
File size:240'095 bytes
First seen:2020-07-22 09:16:51 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:CXQeGYOKv+Mrx47FoQaFoCcQLH3vJ4lG61eXtGIMpyx/JDoco:CXFGYZV4cuCXH21e9GIMp23o
TLSH 9A342268C7F36610E6DBD3C638148546157E18A7CC941BC5A60F22A2C36E6B10E9FDEB
Reporter cocaman
Tags:Loki rar


Avatar
cocaman
Malicious email
From: DHL | Express Shipping <dhlexpress.billingid@dhl.com>
Received: from cityocean.com (unknown [5.101.151.27])
Date: 22 Jul 2020 01:25:23 -0700
Subject: Urgent: Shipping Documents (Reminder)
Attachment: DHL_AWB_INV_9882900_99862788_998.rar

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3086de80bc801980e104f92b4170f025e389edd2ec007efd3b741aecc7bb4efa/
Threat name:
Win32.Trojan.Ymacco
Create hunting rule
Status:
Malicious
First seen:
2020-07-22 09:18:08 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=gcdn5af4qamybyie7evuc4hqexryt3os5qah57j3oqnozr53j35a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3086de80bc801980e104f92b4170f025e389edd2ec007efd3b741aecc7bb4efa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 3086de80bc801980e104f92b4170f025e389edd2ec007efd3b741aecc7bb4efa

(this sample)

Loki

Executable exe cbc70c1d22d048520b982580b3631b4d766611421d603afc130e279fdcaa80bd

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cbc70c1d22d048520b982580b3631b4d766611421d603afc130e279fdcaa80bd
  
Dropping
Loki

Comments