MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6238cab4b32910ed4d2d103c4ccc779d2761666296ee4d3ca6d27c99902cb7ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 6238cab4b32910ed4d2d103c4ccc779d2761666296ee4d3ca6d27c99902cb7ed
SHA3-384 hash: d959ad0f2ca435d282b3917479d358cc1df071c8525508913e398cf99b878e899c46b9733255d383d99a374cf5d77f87
SHA1 hash: 50e984ca581f7a008f638c3c8359f11f679cf265
MD5 hash: 629ecbaf1e85cb565974e8e2506fd219
humanhash: fifteen-chicken-football-lemon
File name: eInvoicing_pdf.gz
Signature: Loki
File size: 216'880 bytes
First seen: 2020-10-22 08:13:30 UTC
Last seen: 2020-10-22 08:24:43 UTC
File type: gz
MIME type: application/gzip
ssdeep: 3072:xVwuKnGrSH5oWRFas3cH2l2+03q8w6TJfHuweadcifM4b6A/fEwYMkaLtbOSs3e+:xiuAZokYZI76VfOtyJ5YMkrXYHkPRu2
TLSH: D9242378B7BD9537B4D454B0B7CAC8496D38CCE02769806BE789ACDC27F50AC0EB4685
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: larisaevents.gr
Sending IP: 213.239.215.207
From: einvoicing <tntsupport.admin@tnt.com>
Subject: TNT Express Invoice: 09004105 - Account: 000022245
Attachment: eInvoicing_pdf.gz (contains "eInvoicing_pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence

File Origin
# of uploads: 2
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Tepfer
Status: Malicious
First seen: 2020-10-22 07:08:33 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Loki
Sample: gz 6238cab4b32910ed4d2d103c4ccc779d2761666296ee4d3ca6d27c99902cb7ed (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments