MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5ce7ce3e81ae8a7e35b9a2476ef0f1061670ec46627037511070ec8f3a1480b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 5ce7ce3e81ae8a7e35b9a2476ef0f1061670ec46627037511070ec8f3a1480b0
SHA3-384 hash: 3347d24e6b0e4b341201b0bf94e7cfc003a25149ac3efcb53fb1ca42bbf4ee258eb600ef2d07f99da02188f216b5bed0
SHA1 hash: 3908c1efe9ca3f05dd064ea086b56574bfaee035
MD5 hash: e6fb775323fc2b1f2c25c26ebf49f6bc
humanhash: mockingbird-ack-red-butter
File name: COVID-19 OUTBREAK_TNT Express Notification.zip
Signature: Loki
File size: 380'956 bytes
First seen: 2020-04-01 11:49:38 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:4KC4MlfO1cb6+55TIA9wflYMX5T7TZoSw8Wh/abX6bOgvonwgEEwQYBX2F8AxM:bC4Ml22b6+IculxJ/NHNUKYBG7e
TLSH: D88423AD3B2616384190D6BBF19A25542D7F788237C525BB218F93BE5DF147C8DC4074
Reporter: abuse_ch
Tags: COVID-19 Loki zip


abuse_ch
COVID-19 themed malspam distributing Loki:

HELO: host.s102host.com
Sending IP: 206.225.80.195
From: customerservice.sg@tnt.com
Subject: TNT Express Notification/ Your shipment was returned to our office!!!\x0a BECAUSE OF COVID-19 OUTBREAK.
Attachment: COVID-19 OUTBREAK_TNT Express Notification.zip (contains "COVID-19 OUTBREAK_TNT Express Notification.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-01 12:35:47 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 5ce7ce3e81ae8a7e35b9a2476ef0f1061670ec46627037511070ec8f3a1480b0 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
