MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bf98ac526bc8934c36a9bb8d827d73bf4fe87c6bd97fe147d9e0ec8a0d5c89d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 4bf98ac526bc8934c36a9bb8d827d73bf4fe87c6bd97fe147d9e0ec8a0d5c89d
SHA3-384 hash: 729036b8788a7c2a07b280ee8a0632ba3c37e597c0ba6225a44dea82db3c7f900bf2e8e40e31d282a467669651297a96
SHA1 hash: 64616bbc60cef4fe023c0173bcad78e3f0174f2f
MD5 hash: bbd3b6f25a77154c5a7d32c497b28e62
humanhash: ten-network-minnesota-angel
File name: SHIPCP_TRANSPORT_BILL_OF_LADING.PDF.gz
Signature: Loki
File size: 472,492 bytes
First seen: 2020-06-17 05:37:36 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:Glb07V5ER4p8GiywUPFVQ1ZLndTuODmvvdU3Le:GVEV5M46GOpZLnRultU6
TLSH: 48A423F8AD5CA60A5D3204BF25D4C7C9C97C19BF2A8756AD2BD4460ECC43482DE9F492
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: host.sidhiciang.net
Sending IP: 67.222.24.138
From: Reza, Shipco Transport, Jakarta <tax@suryaindo.com>
Subject: NEED ADJUSTMENT MANIFEST // BILL OF LADING // 19146799 // ETA JKT 17 June 2020
Attachment: SHIPCP_TRANSPORT_BILL_OF_LADING.PDF.gz (contains "SHIPCP_TRANSPORT_BILL_OF_LADING.PDF.exe")

Loki C2:
http://purinex.co.id/k2/Panel/fre.php
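The delivery chain in the comment above (an outer name ending in .PDF.gz, an inner file ending in .PDF.exe, a Loki binary inside) is the kind of thing a mail gateway or triage script can check mechanically. The Python below is an added example written for this page; it is not part of the MalwareBazaar entry and not abuse.ch tooling. It builds a constructed gzip stand-in (a harmless MZ stub, not the real Loki binary), reads the original file name that gzip writers store in the RFC 1952 FNAME header field, flags executable inner names, double extensions and PE content, and compares the attachment hash against the SHA256 and MD5 listed in this entry. The executable-extension list is an assumed policy, and the constructed stand-in will of course not match the real sample's hash; that branch shows where a real download would be checked.

```python
import gzip
import hashlib
import io
import struct
from typing import Optional

# IOCs copied from this MalwareBazaar entry.
SAMPLE_SHA256 = "4bf98ac526bc8934c36a9bb8d827d73bf4fe87c6bd97fe147d9e0ec8a0d5c89d"
SAMPLE_MD5 = "bbd3b6f25a77154c5a7d32c497b28e62"

# RFC 1952 gzip header flag bits.
FHCRC, FEXTRA, FNAME, FCOMMENT = 0x02, 0x04, 0x08, 0x10

# Inner-file extensions a gateway should treat as executable content, whatever
# the outer archive name pretends to be (assumed policy list, not from the page).
EXEC_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".ps1")


def gzip_original_name(blob: bytes) -> Optional[str]:
    """Return the original file name recorded in the gzip member header
    (the FNAME field), or None if the writer did not store one."""
    if len(blob) < 10 or blob[:2] != b"\x1f\x8b" or blob[2] != 8:
        raise ValueError("not a gzip/deflate stream")
    flags = blob[3]
    pos = 10  # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flags & FEXTRA:
        (xlen,) = struct.unpack_from("<H", blob, pos)
        pos += 2 + xlen
    if not flags & FNAME:
        return None
    end = blob.index(b"\x00", pos)  # FNAME is NUL-terminated Latin-1
    return blob[pos:end].decode("latin-1")


def triage_attachment(outer_name: str, blob: bytes) -> dict:
    """Unpack one gzip attachment and collect the signals this malspam relies on."""
    inner = gzip_original_name(blob)
    payload = gzip.decompress(blob)
    findings = []
    if inner and inner.lower().endswith(EXEC_EXTS):
        findings.append(f"inner file is an executable type: {inner}")
    if inner and inner.count(".") >= 2:
        findings.append(f"double extension in inner name: {inner}")
    # FNAME is attacker-controlled and optional, so also look at the bytes.
    if payload[:2] == b"MZ":
        findings.append("decompressed payload carries a PE (MZ) header")
    outer_sha256 = hashlib.sha256(blob).hexdigest()
    if outer_sha256 == SAMPLE_SHA256 or hashlib.md5(blob).hexdigest() == SAMPLE_MD5:
        findings.append("attachment hash matches the MalwareBazaar IOC")
    return {
        "outer_name": outer_name,
        "inner_name": inner,
        "outer_sha256": outer_sha256,
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
        "findings": findings,
        "verdict": "block" if findings else "allow",
    }


def build_constructed_gz(inner_name: str, content: bytes) -> bytes:
    """Constructed test input: a gzip member whose FNAME is inner_name.
    Used below with a harmless MZ stub, never with the real Loki binary."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(content)
    return buf.getvalue()


if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"
    lure = build_constructed_gz("SHIPCP_TRANSPORT_BILL_OF_LADING.PDF.exe", fake_pe)
    print(triage_attachment("SHIPCP_TRANSPORT_BILL_OF_LADING.PDF.gz", lure))
    benign = build_constructed_gz("manifest.csv", b"container,weight\nMSKU1234567,18200\n")
    print(triage_attachment("manifest.csv.gz", benign))
```

The name check alone is not enough: gzip writers may omit FNAME entirely, and a sender can set it to anything, which is why the decompressed payload's magic bytes are inspected as well. A single-member gzip carries exactly one file, so the outer name is purely a lure; the executable is the whole archive content.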

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Chisburg
Status: Malicious
First seen: 2020-06-17 05:39:03 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
Malspam
  -> Loki
    -> gz 4bf98ac526bc8934c36a9bb8d827d73bf4fe87c6bd97fe147d9e0ec8a0d5c89d (this sample)
      -> Dropping: Loki

Delivery method: Distributed via e-mail attachment