MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5090d3b222b5e216376b631313f96a153cee48fabc72a2f476ac4bc1fded6a0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5090d3b222b5e216376b631313f96a153cee48fabc72a2f476ac4bc1fded6a0e
SHA3-384 hash: ed84efbd3cf990f92d14bea00f41add6f5bba9c83f474a9fde327b7d59b89b993a4f513e3a6546c980401c63b8621243
SHA1 hash: ba53f62ac162e9d9c2fb1f3205f0c2e2f046a8b0
MD5 hash: 2cc360693e2c4a23df441fcc59dbc42e
humanhash: seven-river-wisconsin-ceiling
File name: Purchase Order 29-06-2020 Linkwell Lndustry Co., Ltd.zip
Signature: Loki
File size: 349'563 bytes
First seen: 2020-06-30 13:14:10 UTC
Last seen: 2020-06-30 18:29:36 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:L0SDVXHQC43PbdTEBKSxuZaWDFwyWKyfj5Gw6E+FMSCGfZOmyOp3eML:1ZXHQCmTEfxwFVej6JMOf9p1L
TLSH: 7D742339D17F6D426F53E023C624D1763782E0E25397E9E7DF66484BE8A8C42E5EC680
Reporter: @abuse_ch
Tags: Loki, zip


Twitter
@abuse_ch
Malspam distributing Loki:

HELO: gmail.com
Sending IP: 107.173.40.221
From: Christine Wang <sales@gmail.com>
Subject: Purchase Order 29-06-2020 Linkwell Lndustry Co., Ltd
Attachment: Purchase Order 29-06-2020 Linkwell Lndustry Co., Ltd.zip (contains "Purchase Order 29-06-2020 Linkwell Lndustry Co., Ltd.exe")

Loki C2:
http://coolgirlsnation.com/wp-includes/pomo/hu/fre.php

Intelligence


Mail intelligence (trap location: impact):
  Global: High
  NL Netherlands: Low
# of uploads: 2
# of downloads: 27
Origin country: FR
ClamAV:
  SecuriteInfo.com.Win32.Herz.B.23927.UNOFFICIAL
  PUA.Win.Adware.Slugin-6803969-0
  PUA.Win.Adware.Slugin-6840354-0
  SecuriteInfo.com.Variant.Zusy.307895.13627.19246.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/5090d3b222b5e216376b631313f96a153cee48fabc72a2f476ac4bc1fded6a0e/
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Injector
  First seen: 2020-06-30 13:16:06 UTC
  AV detection: 26 of 48 (54.17%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: Virustotal results 33.33%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 5090d3b222b5e216376b631313f96a153cee48fabc72a2f476ac4bc1fded6a0e (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
