MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62bbcd497db67a456c4121c92660ca3c3d61372b383655e5cad13eed367e49c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62bbcd497db67a456c4121c92660ca3c3d61372b383655e5cad13eed367e49c6
SHA3-384 hash: 47eeb1ff00cf13eea570a43e31da8d0198acefa97a6bbc1b2d22f267a5130de43dd2ac00b8468d8db267bfa7279f3f99
SHA1 hash: 61c93c6b6e8a4b98d350ee014ff0d469fd7ecfad
MD5 hash: 487940dab7fb3fe58fb86999c55d02d0
humanhash: oven-lake-zebra-avocado
File name:PURCHASE ORDER.xz
Download: download sample
Signature Loki
Create hunting rule
File size:346'386 bytes
First seen:2021-01-18 18:33:12 UTC
Last seen:Never
File type: xz
MIME type:application/x-rar
ssdeep 6144:k/PljxJOh/iqyzUn/4Hmwzew2gaCIBJjLZqAp7bn14DX22aY9j53qRAz07AA:WxIh6q7wGc2Zvttb1EO+NaRAzvA
TLSH D57423F18BB459BCBF4F0500C7ACD91483ABF6D5386DB00E5B673949B540892A62FBB1
Reporter abuse_ch
Tags:Loki xz


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail0.sun--industries.com
Sending IP: 142.93.154.62
From: Eric Sham<exports@sun--industries.com>
Subject: Purchase Order
Attachment: PURCHASE ORDER.xz (contains "PURCHASE ORDER.exe")

Loki C2:
http://23.238.43.43/taker/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
176
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/62bbcd497db67a456c4121c92660ca3c3d61372b383655e5cad13eed367e49c6/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 17:17:00 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=mk542sl5wz5ek3cbehesmygkhq6wcnzlha3flzok2e7o2nt6jhda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/62bbcd497db67a456c4121c92660ca3c3d61372b383655e5cad13eed367e49c6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

xz 62bbcd497db67a456c4121c92660ca3c3d61372b383655e5cad13eed367e49c6

(this sample)

Loki

Executable exe 35f2d31f591a7850c05f86c1124aef7193bdd2f2ad7421d1fb09e1144b3fc3d3

  
Dropping
MD5 a0bfe1e9ca7da75365ffaf5cf0efb2bb
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 35f2d31f591a7850c05f86c1124aef7193bdd2f2ad7421d1fb09e1144b3fc3d3

Comments