MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4689d681fde8246fc37dc6ea3d49342941d48fba1cd01d2e12b883bae84cc79f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4689d681fde8246fc37dc6ea3d49342941d48fba1cd01d2e12b883bae84cc79f
SHA3-384 hash: db9d7e74f9269ba45336da13764e46b329880d95336d4cf23f8f0ae4819b733faed2c4e19c62ce7ffd4172fc9e1e4c76
SHA1 hash: b9db466ac792cf1bdc9f3525237d50a827bf244e
MD5 hash: 0e2353b259088c7721e7542de2f84f72
humanhash: single-xray-hotel-kansas
File name:WB0FOr24i9mmoVR.rar
Download: download sample
Signature Loki
Create hunting rule
File size:476'994 bytes
First seen:2020-10-27 13:00:13 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:uqU4VFkUylfQqA/sW/ql1+nKZ/G+f5OdYtFNydGSJ:hVcasW/qyn4ciHNAGSJ
TLSH 3EA423E135E2028E0A98FEDB2BCFC94850AF5D12C5050FB9F3227306D72B616997D85B
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: server.filmworld.tv
Sending IP: 70.32.31.17
From: lfsfrn.operations@liftfreight.com
Reply-To: pkd.lycheu@gmail.com, pkd.lycheu@gmail.com
Subject: NEED NEW TAX INVOICE PO#140798
Attachment: WB0FOr24i9mmoVR.rar (contains "WB0FOr24i9mmoVR.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4689d681fde8246fc37dc6ea3d49342941d48fba1cd01d2e12b883bae84cc79f/
Threat name:
ByteCode-MSIL.Backdoor.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 09:09:59 UTC
AV detection:
14 of 29 (48.28%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=i2e5nap55asg7q35y3vd2sjuffa5jd52dtib2lqsxcb3v2cmy6pq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4689d681fde8246fc37dc6ea3d49342941d48fba1cd01d2e12b883bae84cc79f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 4689d681fde8246fc37dc6ea3d49342941d48fba1cd01d2e12b883bae84cc79f

(this sample)

Loki

Executable exe be91b72c94c4281dccf3b70bc7218bd4b7fd5f64a6575ef7d9054784a9cc5516

  
Dropping
MD5 770faa013d07571d700e2367bbffcd0b
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be91b72c94c4281dccf3b70bc7218bd4b7fd5f64a6575ef7d9054784a9cc5516

Comments