MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ca0c535facf1595643b0646d2d2c35c81da98e319461677447171d95735dbb5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ca0c535facf1595643b0646d2d2c35c81da98e319461677447171d95735dbb5
SHA3-384 hash: e8d212f966dddeff032230ae0ebd5285563e54417f91a6fd6f7b43e1e0ea4e59bdfc1fabfdc564fa223aec731a23f7b0
SHA1 hash: 64b5a688c3ad457e6ef5ac04143c863553e378ca
MD5 hash: 54975da21f517567a5597c39a5c69458
humanhash: tango-magnesium-california-monkey
File name:documentos de pago.img
Download: download sample
Signature Loki
Create hunting rule
File size:1'376'256 bytes
First seen:2021-01-13 20:13:52 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 6144:bHXVKkkeZQjz0frDML8Rv+vOf4ikNOt/0CL5Glvd99j0ah2/a0XJtbmylf/6aXnI:b3PZQMfqqyx7/idPUn+9LQstygsWA9L
TLSH 3A554B51ABD19700E7FC26FE2860006127F5FA26F6B8D66DDC8170B95F62A2805FD393
Reporter abuse_ch
Tags:ESP geo img Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: smarthost1.gohsphere.com
Sending IP: 173.0.129.225
From: A&N Forwarding, INC. <facturacion@anforwarding.com>
Subject: Aviso de pago - Ref. Aviso[G1117599144] / Pago prioritario
Attachment: documentos de pago.img (contains "documentos de pago.PDF.exe")

Loki C2:
http://51.195.53.221/p.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Iso_fs1729.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ca0c535facf1595643b0646d2d2c35c81da98e319461677447171d95735dbb5/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-01-13 20:14:11 UTC
AV detection:
12 of 46 (26.09%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hsqmknp2z4kzkzb3azdnfuwdlsa5vghddfdbm52eofy5svzv3o2q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3ca0c535facf1595643b0646d2d2c35c81da98e319461677447171d95735dbb5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

img 3ca0c535facf1595643b0646d2d2c35c81da98e319461677447171d95735dbb5

(this sample)

Loki

Executable exe 8d8a89300b4181a94e643c905af2518999195c6c9ada68e66d64be4ef3af42fe

  
Dropping
MD5 449a403a895a0beb86e417a9d15d87f5
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 8d8a89300b4181a94e643c905af2518999195c6c9ada68e66d64be4ef3af42fe

Comments