MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bed361e53af14294554c95e85abe819c133d0bc44985706ec916ff20d58025a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4bed361e53af14294554c95e85abe819c133d0bc44985706ec916ff20d58025a
SHA3-384 hash: 41ef3d0cd2e261f7884bcbd2bc9b969b630c6ddcded57d6c866f241753b365426a0d014960bf2f97c1d2ba738ed0b3da
SHA1 hash: e7d98968323a8953d92a3d281521b20e576c7dfa
MD5 hash: 1212fe65421f6a219fdf63aa22570db5
humanhash: freddie-happy-beer-victor
File name:TNT Shipment Delivery Details.gz
Download: download sample
Signature Loki
Create hunting rule
File size:294'893 bytes
First seen:2020-10-26 14:14:56 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:GMq3fdTZ4rj3xG/g/KRfGrNXJL3RaqpHg7bb:GfP/4rjhGwKZCNJL3X5g7H
TLSH 375423C05069CAEEB006ED786E69C40212905AB04FFD631850A636C76C3D7EF6FDE5D5
Reporter abuse_ch
Tags:gz TNT


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: xwx0.303.xoron.ml
Sending IP: 104.248.55.54
From: TNT INTERNATIONAL <tnt@303.xoron.ml>
Subject: TNT Consignment Notification for 8048387461
Attachment: TNT Shipment Delivery Details.gz (contains "TNT Shipment Delivery Details.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.21240.19333.18502.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4bed361e53af14294554c95e85abe819c133d0bc44985706ec916ff20d58025a/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-26 08:18:48 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jpwtmhstv4kcsrkuzfpilk7idhathuf4ismfobxmsfx7edkyajna._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 4bed361e53af14294554c95e85abe819c133d0bc44985706ec916ff20d58025a

(this sample)

Loki

Executable exe dc6774a0be5163e262d1627628338ff9e5a3266401ca2c3af831a79049b365d3

  
Dropping
MD5 43672709b8024f598f9390a1c8be5a0a
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 dc6774a0be5163e262d1627628338ff9e5a3266401ca2c3af831a79049b365d3

Comments