MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5786e42aea8d5b74f88579d29a63af4d781d95d30d53713354195a1f89044683. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 5786e42aea8d5b74f88579d29a63af4d781d95d30d53713354195a1f89044683
SHA3-384 hash: 9bddd4f0fbafd13efdf851b90cefc1df98b61ade87c315ff233065c0ef2f5ed8ebf813ae96b941c1b368fb8bc25c0467
SHA1 hash: 0d4cd90dd7f1ba7fc221975140d36d1a1c3b5de5
MD5 hash: a2a3df165bc5ffbae7ba8211278dd792
humanhash: grey-sodium-enemy-equal
File name: scan_0032992321.gz
Signature: Loki
File size: 370'778 bytes
First seen: 2020-08-03 11:34:29 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:gYXFvSDHaYUwH66hM/ibJ3wEtgzA0wN5tf9FjxwzgyHLTXQ2QcQG2:hVqD6YUwTNbpWA0m1mzdrTuG2
TLSH: 3674234D13B1077F638179941E7BB702360E83A0E67682DB30D68DC5792FE255B887AE
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: infonet.com.vn
Sending IP: 162.144.74.195
From: Hebei Ocean Shipping Agency Ltd. <agencyqhd@hoscogroup.com>
Subject: Payment Advice
Attachment: scan_0032992321.gz (contains "scan_0032992321.exe")

Loki C2:
http://aqufd.com/zoro/zoro2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-08-03 11:36:07 UTC
AV detection: 20 of 48 (41.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 5786e42aea8d5b74f88579d29a63af4d781d95d30d53713354195a1f89044683 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
