MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6618caba6d73150fc10c2e4d2cacf3ce63e86997224b9555b48d3756efeb6d3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6618caba6d73150fc10c2e4d2cacf3ce63e86997224b9555b48d3756efeb6d3c
SHA3-384 hash: fcb420e1341d24c1374906f8a48c170deec476ea7d17a7542ce96c8629c5792f8aed5a9ee16cc26714049bef6be26002
SHA1 hash: c2dbd3ccf0f343e7aafc77aa282a725c852e7910
MD5 hash: b934e224625eb413ee380000fc6774a3
humanhash: artist-beer-tennis-august
File name: BANK_RECEIPT_PDF.zip
Signature: Loki
File size: 181'239 bytes
First seen: 2020-06-30 13:32:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:rI0vkZFb11KDL3w55RUKfIQ+O2HwlhFF+DmtoSoxy03nmqX6akPXPF//gU:rI0vgP0DL3zgXF2HwlhD+DmjoN3njk/h
TLSH: D804123A7B73E5846784DCFF9C345F805DACB8EEC7D2176A0054180AA228C769EB7724
Reporter: @abuse_ch
Tags: Loki zip


Twitter
@abuse_ch
Malspam distributing Loki:

HELO: mailgate04.ps.kz
Sending IP: 185.22.64.95
From: Alexandr Gutov <a.gutov@rcmeirim.kz>
Subject: BANK RECEPIT IN 2020-21
Attachment: BANK_RECEIPT_PDF.zip (contains "BANK_RECEIPT_PDF.exe")

Loki C2:
http://beckhoff-th.com/kon/kon1/fre.php

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 35
Origin country: US
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB Detection: n/a
Link: https://mwdb.cert.pl/sample/6618caba6d73150fc10c2e4d2cacf3ce63e86997224b9555b48d3756efeb6d3c/
ReversingLabs Status: Malicious
Threat name: ByteCode-MSIL.Trojan.Androm
First seen: 2020-06-30 13:34:08 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: Loki
File type: zip
SHA256: 6618caba6d73150fc10c2e4d2cacf3ce63e86997224b9555b48d3756efeb6d3c (this sample)
Dropping: Loki
