MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41b16dc098db364a7be4f2555037e0cd9be1e21e2f0aa031567e839cc837be00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 41b16dc098db364a7be4f2555037e0cd9be1e21e2f0aa031567e839cc837be00
SHA3-384 hash: 868ddd4093f8c31b5058be4b4a79bbdb0cab0d18e6a6a684773512b118d71e0d0b9de4c46ad62a79e139ddaddb89b3e8
SHA1 hash: 7474ff3a6ca53f3a4e297b31296de41a2c6c899b
MD5 hash: 2a53757cbee565301459d03022939923
humanhash: illinois-king-delta-lamp
File name: New order.rar
Signature: Loki
File size: 557'959 bytes
First seen: 2021-01-14 20:04:02 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:GMVoZti1oRY6ITxofns83EolO0uswOwy9CE4jqJfgF:GM47oEC5owOb+qJYF
TLSH: AFC423926394D49C3173179EC1B8E167D08B70F78772462218A865E4D9997CAF0FFC2B
Reporter: abuse_ch
Tags: GoDaddy rar


abuse_ch
Malspam distributing unidentified malware:

HELO: p3plsmtp26-03-25.prod.phx3.secureserver.net
Sending IP: 216.69.139.27
From: biuro@kancelaria-tw.pl
Subject: Nuevo pedido- # 04178958
Attachment: New order.rar (contains "UWiGTSNxQPXd91q.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 147
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2021-01-14 20:05:06 UTC
AV detection: 9 of 46 (19.57%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 41b16dc098db364a7be4f2555037e0cd9be1e21e2f0aa031567e839cc837be00 (this sample)

Delivery method: Distributed via e-mail attachment
