MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 44ee977d9449db255575b655a75b5d2dd145e4db27611fc25d4b95413eced8c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4



SHA256 hash: 44ee977d9449db255575b655a75b5d2dd145e4db27611fc25d4b95413eced8c0
SHA3-384 hash: 7d2466231574be5bba7ec25407f259f1b9960aeeaf669e7e2b78dbae5fda266ee13f8de56f248ea3a8bb13521496f6f2
SHA1 hash: 37ca04049e517f96e3e8881d3b00748cf2444865
MD5 hash: 911de7e70f1fb4df25beb8891d7974ef
humanhash: india-freddie-december-colorado
File name: G-6463 _inquiry_rev01_26_08_2020.zip
Signature: Loki
File size: 461'621 bytes
First seen: 2020-08-27 08:02:33 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:22osqQP9+0hzJskopmF9W6r0wSOBClyyUtTf/1n37C:22osqQ7FJskoiv0wSOg4yUtT3dW
TLSH: 91A423F6BF5F8CA1BA631758BEC689989520FFD39729BF408C9191C3876992D260D030
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: server.macartajans.com
Sending IP: 89.252.130.69
From: Joyce <manuz-e@marudeni.com>
Subject: GLES Inquiry G-6463
Attachment: G-6463 _inquiry_rev01_26_08_2020.zip (contains "G-6463 _inquiry_rev01_26_08_2020.exe")

Loki C2:
http://basungaintl.gq/wapi1/logs/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-27 08:04:06 UTC
AV detection: 12 of 48 (25.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 44ee977d9449db255575b655a75b5d2dd145e4db27611fc25d4b95413eced8c0 (this sample)
Dropping
Loki

Delivery method: Distributed via e-mail attachment

Comments