MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 32787228ba4b19d305d0b9520c28e379f729b78828bce795e8fe6cfa769950b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3



SHA256 hash: 32787228ba4b19d305d0b9520c28e379f729b78828bce795e8fe6cfa769950b7
SHA3-384 hash: ab48dfad614031f064616604aecbaaf8dba61133172c2f8dd38a0114e9a7cc136ae0ff3bba76331605933c5562a76d0e
SHA1 hash: f53c7def28056817c778a1f5e397c9a716fd3a3b
MD5 hash: 7d7a8324e4292dc4b1e3fefc813e2f27
humanhash: comet-magnesium-april-mexico
File name: BL-shipping-zip.arj
Signature: Loki
File size: 710'057 bytes
First seen: 2020-05-13 06:13:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:Om2BzCWikUAPK7bFI04DHbrYmZ3rvWHXdfwZZjZ0eyiMfRHbD3d4Df5hrQXtIh:OTBzDVUAi7bGnDHHbZbvCdfwZZOZfNdO
TLSH: 7DE423283C9A693D14680E5BF245321BED391CFE33963F69E826DBC3B6C26151D2E135
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing Loki:

HELO: pkz49-2-spamexpert2.hoster.kz
Sending IP: 185.111.104.47
From: a.zhunysova@shanyrak-group.kz
Subject: RV: GS1-2001402-1-7533, Cust. Ref. No. DL2070, Trailer No. TML116
Attachment: BL-shipping-zip.arj (contains "BL-shipping-pdf.exe")

Loki C2:
http://eocaenlogistics.com/data/five/fre.php
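The indicators in the entry above (sending IP, HELO name, sender domain, attachment name, published hashes) are the pieces a responder actually pivots on, and the entry itself shows the archive is a zip even though the attachment is named .arj. The script below is an added example written for this page, not code from MalwareBazaar or abuse.ch: it verifies a downloaded sample's hashes against the published values, identifies the container by magic bytes rather than by extension, lists executable members such as the "-pdf.exe" double extension the reporter notes, and matches the mail indicators against gateway log lines. The key=value log format and the sample archive are constructed assumptions for the example; the real sample is not embedded.

```python
import hashlib
import io
import re
import zipfile

# Indicators copied from the MalwareBazaar entry above.
SENDING_IP = "185.111.104.47"
HELO = "pkz49-2-spamexpert2.hoster.kz"
SENDER_DOMAIN = "shanyrak-group.kz"
ATTACHMENT_NAME = "BL-shipping-zip.arj"
PUBLISHED_HASHES = {
    "md5": "7d7a8324e4292dc4b1e3fefc813e2f27",
    "sha1": "f53c7def28056817c778a1f5e397c9a716fd3a3b",
    "sha256": "32787228ba4b19d305d0b9520c28e379f729b78828bce795e8fe6cfa769950b7",
    "sha3_384": "ab48dfad614031f064616604aecbaaf8dba61133172c2f8dd38a0114e9a7cc136"
                "ae0ff3bba76331605933c5562a76d0e",
}
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar")


def file_hashes(data: bytes) -> dict:
    """Digests in the four algorithms the entry publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def hash_mismatches(data: bytes, expected: dict = PUBLISHED_HASHES) -> list:
    """Names of algorithms whose digest of `data` differs from the expected value."""
    actual = file_hashes(data)
    return [name for name, digest in expected.items() if actual[name] != digest.lower()]


def container_type(data: bytes) -> str:
    """Identify the container by magic bytes, never by the file extension."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[:2] == b"\x60\xea":  # ARJ header id 0xEA60, little-endian
        return "arj"
    return "unknown"


def executable_members(data: bytes) -> list:
    """Members whose real extension is executable, e.g. 'BL-shipping-pdf.exe' posing as a PDF."""
    if container_type(data) != "zip":
        return []  # listing a real ARJ would need an external tool; out of scope here
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]


def triage_attachment(name: str, data: bytes) -> dict:
    """Flag an extension/content mismatch and any executable payload inside the archive."""
    declared = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    actual = container_type(data)
    return {
        "declared_ext": declared,
        "actual_type": actual,
        "extension_mismatch": actual != "unknown" and declared != actual,
        "executable_members": executable_members(data),
    }


# Hypothetical key=value mail-gateway log format, assumed for this example.
LOG_RE = re.compile(r"helo=(?P<helo>\S+) ip=(?P<ip>\S+) sender=(?P<sender>\S+) attach=(?P<attach>\S+)")


def matches_malspam_iocs(log_line: str) -> list:
    """Which of the entry's mail indicators a single gateway log line matches."""
    m = LOG_RE.search(log_line)
    if not m:
        return []
    hits = []
    if m["ip"] == SENDING_IP:
        hits.append("sending_ip")
    if m["helo"].lower() == HELO:
        hits.append("helo")
    if m["sender"].lower().endswith("@" + SENDER_DOMAIN):
        hits.append("sender_domain")
    if m["attach"].lower() == ATTACHMENT_NAME.lower():
        hits.append("attachment_name")
    return hits


def build_constructed_sample() -> bytes:
    """Constructed stand-in for the attachment: a zip carrying a file named like the dropped .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BL-shipping-pdf.exe", b"MZ placeholder, not the real payload")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample()
    print(triage_attachment(ATTACHMENT_NAME, sample))
    print("hash mismatches vs entry:", hash_mismatches(sample))
    # Constructed gateway log line, not a real capture.
    print(matches_malspam_iocs("helo=pkz49-2-spamexpert2.hoster.kz ip=185.111.104.47 "
                               "sender=a.zhunysova@shanyrak-group.kz attach=BL-shipping-zip.arj"))
```

Run against a real download, `hash_mismatches` should return an empty list before anything else is done with the file; the constructed stand-in naturally mismatches all four published digests. The container check is the important caveat: an attachment named .arj that is really a zip is exactly what some mail filters are built to miss, so trust the magic bytes, not the name.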

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-13 06:36:54 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    zip 32787228ba4b19d305d0b9520c28e379f729b78828bce795e8fe6cfa769950b7 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments