MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5368dfcec271872818b3a36a2d3262725e921c404cf6d47914d98320e876834c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 5368dfcec271872818b3a36a2d3262725e921c404cf6d47914d98320e876834c
SHA3-384 hash: 2fca2cb3a9bf6157fe49d4eceb9b21d87a3368b14dd42d068152332aded49a778ecab6ce35b1fa8fc251ba79c4599c2d
SHA1 hash: 1e2419ecedf2761d2c17d6d8b55358c712e6f676
MD5 hash: a6358b67d9f20aeb53801d8d3323d1d9
humanhash: early-july-may-enemy
File name: COMPLETE DOCUMENTS_pdf.gz
Signature: Loki
File size: 138'385 bytes
First seen: 2020-10-26 14:08:00 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:9FbzwC+jkLnNA5zyMXDfd/UJnSkowjP5Sf9trptbR/:9tUhjMNApynJTowLqpF5
TLSH: 36D312EE49D6F16BE1C4857924F0B4EA5A7821C67CBADC80E5E08C7075CEE0DD58EC88
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: Saleh Mohammed <saleh.moh@fedex.com>
Subject: RE: [EXTERNAL] PRICE
Attachment: COMPLETE DOCUMENTS_pdf.gz (contains "COMPLETE DOCUMENTS_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.Crysan
Status: Malicious
First seen: 2020-10-26 04:53:55 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 5368dfcec271872818b3a36a2d3262725e921c404cf6d47914d98320e876834c (this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
