MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33c9a6a32a13a51ca4706ecc9ada03dc5d8a680270101ade992a77c04c1fdf98. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3



SHA256 hash: 33c9a6a32a13a51ca4706ecc9ada03dc5d8a680270101ade992a77c04c1fdf98
SHA3-384 hash: 6e122a70d97dabfc4dbdaa49244e6129bf7fc6c1d73e14ce64c896b8fed6a6a4a38d6167272155beb80a342d53742688
SHA1 hash: ffb704dd4f989688c9ed10de07bed3456bbf701a
MD5 hash: 8922d589464f61b0547b56c922d7dc8b
humanhash: magazine-utah-bluebird-bacon
File name: TT Slip.gz
Signature: Loki
File size: 293'922 bytes
First seen: 2020-06-11 05:44:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:paYEX/BwdJgtG6goC8tgVzXfWAQ5Xqc725nlU+TR/puWDAwWKfrO:qWdJgA628kQ5X+lnxGXz
TLSH: 6054238BB6213C1D9850A24D9ED6A6536A0A8DE1FD97D17B1EF583F32084F33099234F
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: mm0.mmmpics.com
Sending IP: 86.105.1.121
From: Cash Management Operations <info@abiexport.icu>
Reply-To: Cash Management Operations <cash.management@cjcasht.info>
Subject: PENDING OUTWARD REMITTANCE(S) - Attached Transaction reference
Attachment: TT Slip.gz (contains "TT Slip.exe")

Loki C2:
http://sportsgroup-hk.com/five/bryt1/fre.php
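The headers and attachment that abuse_ch lists above are enough to build a small mail-gateway triage check. The block below is an added example, not code from MalwareBazaar or from abuse_ch: it uses only the Python standard library, copies the sending IP, HELO name, sender domains and SHA256 from this entry, and constructs its own test message whose attachment is a 66-byte "MZ" stub rather than the real sample (so the SHA256 comparison deliberately misses). The exact Received: header layout and the mx.example.test hostname are assumptions. Because the entry records a ".gz" file name next to a file type of zip, the check sniffs the container from its magic bytes instead of trusting the extension, and it reads the optional gzip FNAME field to recover the inner name ("TT Slip.exe") when the sender's tool recorded it.

```python
"""Added triage helper: match a message and its archive attachment against the IOCs in this entry."""
import gzip
import hashlib
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Indicators copied from this MalwareBazaar entry (the only non-constructed data in this block).
IOC_SHA256 = "33c9a6a32a13a51ca4706ecc9ada03dc5d8a680270101ade992a77c04c1fdf98"
IOC_SENDING_IP = "86.105.1.121"
IOC_HELO = "mm0.mmmpics.com"
IOC_SENDER_DOMAINS = {"abiexport.icu", "cjcasht.info"}

MAGIC_GZIP = b"\x1f\x8b"
MAGIC_ZIP = b"PK\x03\x04"
MAGIC_PE = b"MZ"
# "from <helo> (<rdns> [<ip>])" as most MTAs write it into Received: (assumed layout)
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def gzip_original_name(blob: bytes):
    """Return the FNAME field of a gzip header, or None when it was not recorded.
    gzip is a single-file stream, not an archive, so this is the only place the inner name can live."""
    flags = blob[3]
    pos = 10  # fixed header: magic(2) method(1) flags(1) mtime(4) xfl(1) os(1)
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length followed by that many bytes
        xlen = int.from_bytes(blob[pos:pos + 2], "little")
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: zero-terminated latin-1 string
        return blob[pos:blob.index(b"\x00", pos)].decode("latin-1")
    return None


def archive_members(blob: bytes, name: str):
    """Yield (member_name, member_bytes). The container is sniffed from magic bytes, never from the
    file extension or MIME type, because the two disagree for this sample (".gz" name, zip type)."""
    if blob.startswith(MAGIC_ZIP):
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield info.filename, zf.read(info)
    elif blob.startswith(MAGIC_GZIP):
        inner = gzip_original_name(blob) or (name[:-3] if name.lower().endswith(".gz") else name)
        yield inner, gzip.decompress(blob)
    else:
        yield name, blob


def embedded_executables(blob: bytes, name: str) -> list:
    """Names of members that are PE files (start with the 'MZ' DOS stub), whatever their extension says."""
    return [m for m, data in archive_members(blob, name) if data.startswith(MAGIC_PE)]


def triage(raw: bytes) -> dict:
    """Check one raw RFC 5322 message against the entry's IOCs plus two structural red flags."""
    msg = message_from_bytes(raw, policy=default)
    r = {"helo_match": False, "ip_match": False, "known_sender_domain": False,
         "reply_to_mismatch": False, "sha256_match": False, "executables": []}
    m = RECEIVED_RE.search(str(msg.get("Received", "")))
    if m:
        r["helo_match"] = m.group(1).lower() == IOC_HELO
        r["ip_match"] = m.group(2) == IOC_SENDING_IP
    from_dom = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    reply_dom = msg["Reply-To"].addresses[0].domain.lower() if msg["Reply-To"] else from_dom
    r["known_sender_domain"] = bool({from_dom, reply_dom} & IOC_SENDER_DOMAINS)
    r["reply_to_mismatch"] = reply_dom != from_dom  # replies quietly diverted to a second domain
    for part in msg.iter_attachments():
        blob, name = part.get_content(), part.get_filename() or "attachment"
        if not isinstance(blob, bytes):
            continue  # text parts are not archives
        r["sha256_match"] |= hashlib.sha256(blob).hexdigest() == IOC_SHA256
        r["executables"] += embedded_executables(blob, name)
    r["suspicious"] = any(r.values())
    return r


def build_sample(container: str = "gzip") -> bytes:
    """Constructed message reproducing the headers abuse_ch reported. The attachment is a 66-byte
    'MZ' stub, NOT the real sample, so its SHA256 will not match the IOC. container="zip" wraps the
    same stub in a zip that still carries the ".gz" name, mirroring the entry's file-type field."""
    msg = EmailMessage()
    msg["Received"] = ("from mm0.mmmpics.com (mm0.mmmpics.com [86.105.1.121]) by mx.example.test "
                       "with ESMTP; Thu, 11 Jun 2020 05:44:07 +0000")  # assumed MTA format
    msg["From"] = "Cash Management Operations <info@abiexport.icu>"
    msg["Reply-To"] = "Cash Management Operations <cash.management@cjcasht.info>"
    msg["Subject"] = "PENDING OUTWARD REMITTANCE(S) - Attached Transaction reference"
    msg.set_content("Please find attached the transaction reference.")
    fake_exe = b"MZ" + b"\x00" * 64  # constructed stand-in for TT Slip.exe
    buf = io.BytesIO()
    if container == "zip":
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("TT Slip.exe", fake_exe)
    else:
        with gzip.GzipFile(filename="TT Slip.exe", mode="wb", fileobj=buf) as gz:  # records FNAME
            gz.write(fake_exe)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="octet-stream",
                       filename="TT Slip.gz")
    return bytes(msg)


if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(build_sample("zip")))
```

Running the file prints the findings for both container variants; on the constructed message every indicator except sha256_match fires, and the embedded "TT Slip.exe" is found in both the gzip and the zip form. Feeding triage() a real message from a mailbox or gateway quarantine only requires the raw bytes. The gzip FNAME field is optional, so the extension-stripping fallback stays in place for tools that do not write it.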

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-11 05:46:08 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    zip 33c9a6a32a13a51ca4706ecc9ada03dc5d8a680270101ade992a77c04c1fdf98 (this sample)
      Dropping Loki

Delivery method: Distributed via e-mail attachment

Comments