MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fff32ba7552323454b0fd406e36ba9220035e7a1e2432ae42336ffa84f4d35e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3fff32ba7552323454b0fd406e36ba9220035e7a1e2432ae42336ffa84f4d35e
SHA3-384 hash: d7339ecb978ed533a9daaeb3478504d8adbc4f91949afa0fdf66d6d75644206a7706f955780db6104e307e4ee1d34b43
SHA1 hash: 1abfd40c4dcfa1105eb164599db67ed2e51508ef
MD5 hash: d3f0dcfed7b0fbf571ddca807c7c3f0a
humanhash: jersey-cold-october-bluebird
File name:DHL NO-010022344533622534.gz
Download: download sample
Signature Loki
Create hunting rule
File size:403'909 bytes
First seen:2020-08-03 07:14:44 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:AxEhZLEuFy3hHHG/nphPHuYvnfmXf5kW/:Wai5xnunphWYfmH/
TLSH 538423A13923DACE94778C2A0558A52F4507F8C58FCCB52D1B598B96D0BF03EB6E41F8
Reporter abuse_ch
Tags:DHL gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: slot0.broosom.com
Sending IP: 104.168.201.193
From: DHL Express <info@broosom.com>
Subject: DHL NO:-010022344533622534
Attachment: DHL NO-010022344533622534.gz (contains "DHL NO-010022344533622534.exe")

Loki C2:
http://kboyud.com/doc/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
58
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3fff32ba7552323454b0fd406e36ba9220035e7a1e2432ae42336ffa84f4d35e/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 07:16:06 UTC
AV detection:
6 of 48 (12.50%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=h77tfotvkizdivfq7vag4nv2siqagxt2dysdflscgnx7vbhu2npa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3fff32ba7552323454b0fd406e36ba9220035e7a1e2432ae42336ffa84f4d35e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 3fff32ba7552323454b0fd406e36ba9220035e7a1e2432ae42336ffa84f4d35e

(this sample)

Loki

Executable exe 2da5a5b8cdbb40f408d11f1d9dddc7d92e3eb42e88b7d7641cef839b90561aed

  
Dropping
MD5 a8ea1963b3fbb6793644e08fd26d901d
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2da5a5b8cdbb40f408d11f1d9dddc7d92e3eb42e88b7d7641cef839b90561aed

Comments