MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d45a34384785873a039bc7c95cdd38c054eede75d9c260f19a07862a5adc724. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 4d45a34384785873a039bc7c95cdd38c054eede75d9c260f19a07862a5adc724
SHA3-384 hash: 4a3e370afb98fcb076be93d9bdaf040adc71b3b226b9dd7bd72858fc58e77de30cde642096bc395f3a471103ea9152e6
SHA1 hash: c9e6164eeac1f85954a3d5c824d1bbcb17978980
MD5 hash: 000950a5b59fb0367a728161f4af8f80
humanhash: enemy-hot-oven-fix
File name: 294716.rar
Signature: Loki
File size: 292'126 bytes
First seen: 2020-05-20 08:42:25 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:4MIgFsAyVWeizw86Al5J+U1VpogXYZUoswr4d439YjVrJm/AOCR1M7:Iv+Mvi5YOVpZUswr4yajGIO0y
TLSH: 3D5423249908AAFFE12B3C2A643015F447694493D9DD899895B2F8E3D7E30D50EB72FC
Reporter: abuse_ch
Tags: Loki, rar


abuse_ch
Malspam distributing Loki:

HELO: pooh.calderra.com
Sending IP: 195.234.138.6
From: ARYA GROUP <varun.pillai@arya.in>
Subject: Order
Attachment: 294716.rar (contains "294716.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-05-20 09:36:06 UTC
File Type: Binary (Archive)
Extracted files: 296
AV detection: 21 of 48 (43.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 4d45a34384785873a039bc7c95cdd38c054eede75d9c260f19a07862a5adc724

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
