MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 361400ab7b7af5701a9469f0f1a0a87af260985fc416a4efa43bf0fc5cd98e03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3

SHA256 hash: 361400ab7b7af5701a9469f0f1a0a87af260985fc416a4efa43bf0fc5cd98e03
SHA3-384 hash: 362ef25a38cf1f8c4128c6ad24d86ca949c56111356c31e769777855075c261a16408fa1eceef599ccd7b20e79cf7c03
SHA1 hash: 1d976dba39cf737157d9ce634691790d22736bc0
MD5 hash: dadfa22c4ba413f42d6033f1a91aafe4
humanhash: august-mountain-social-nine
File name: ORDER 5051.gz
Signature: Loki
File size: 403'016 bytes
First seen: 2020-11-19 07:06:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:ZMFEsn8Eda8vnglALG/vGClONZIpjvtLL8OU:ZAxdamglALGnGGOoFtPW
TLSH: EB8423B54F6925659F1097E321BA2C43954EE3C05C2AF3ED8ED833E92473428B567F82
Reporter: abuse_ch
Tags: gz Loki

abuse_ch
Malspam distributing Loki:

HELO: server.multibadi.co.id
Sending IP: 150.107.150.56
From: Tamar Goudswaard <Tamar.Goudswarrd@lifefitness.com>
Reply-To: tamar.Goodswaard@lifefitness.com
Subject: RE: Shipping quotation for order S5051
Attachment: ORDER 5051.gz (contains "TQ-06871.exe")

Loki C2:
http://lmpulsefashion.net/bryt/bryt1/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-11-19 07:07:03 UTC
AV detection: 16 of 48 (33.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki

zip 361400ab7b7af5701a9469f0f1a0a87af260985fc416a4efa43bf0fc5cd98e03 (this sample)
  Dropping Loki

Delivery method: Distributed via e-mail attachment

Comments