MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5dceff1c17bdb060e6236ddc2d8c8d3db1bf50ac7d624aec704a6365baf0c0e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 5dceff1c17bdb060e6236ddc2d8c8d3db1bf50ac7d624aec704a6365baf0c0e4
SHA3-384 hash: 3c93dcc1c8ced56ef4ba92088dbbb5cb4d595fbf4f14225c80c2b8ae10f2eb1c1ce862977340c7ae2d668db1aa430486
SHA1 hash: 292c885b183e387a01b7d115128959471d06655e
MD5 hash: 99a9a50b5761eb599cee7916da81849f
humanhash: artist-ink-football-gee
File name: TAIKISHA RFQ VG20-02033960546_ Quang Trung Ha Dong.zip
Signature: Loki
File size: 368'081 bytes
First seen: 2020-06-16 05:23:39 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:mvepMC7+GDSKA4Sp86XwPMqjJyGINnISFeQZaJwnl8kq4evF7B1YSw2BrtA2EoA2:IgMC784Sp8PlkRNISFeQIkreN7j1tpEo
TLSH: 2674231A0B6EE7FC14AFE5B8BCDE66B7B02190F1EE674634D08D64D2850AC15332D9E4
Reporter: abuse_ch
Tags: geo Loki VNM zip


abuse_ch
Malspam distributing Loki:

HELO: e.vinahost.vn
Sending IP: 125.212.217.216
From: Lê Thị Doãn Thu / Taiki Sha VN [lethi.doan@taikisha-vn.com] <hrm@shangwood.com.vn>
Subject: RE: RFQ VG20-02033960546 - ĐƠN ĐẶT HÀNG HA DONG (QUANG TRUNG)
Attachment: TAIKISHA RFQ VG20-02033960546_ Quang Trung Ha Dong.zip (contains "ENGEN RFQ #501-0124_V1_90WP_300G.exe")

Loki C2:
http://egamcorps.ga/~zadmin/lmark/harley/mode.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injuke
Status: Malicious
First seen: 2020-06-16 05:25:05 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 5dceff1c17bdb060e6236ddc2d8c8d3db1bf50ac7d624aec704a6365baf0c0e4 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments