MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69674d19b27385b06a9cb623207de915aaef5e652bcfe43fa42d907204a0dfa6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3



SHA256 hash: 69674d19b27385b06a9cb623207de915aaef5e652bcfe43fa42d907204a0dfa6
SHA3-384 hash: 632c67052e03d60f84519d8fc7d5de025e305e5f27268744415fa84f909a31ecb71fb5e17e1a4ab6c01f12cd5017828a
SHA1 hash: 668adb85fac21e4b664a016eedc65c4a4166c15d
MD5 hash: 0ac5daa88621c815e292f71817289a87
humanhash: pennsylvania-seven-failed-queen
File name: Invoice Shipping Documents AWB N0 72538341.gz
Signature: Loki
File size: 378'884 bytes
First seen: 2020-10-22 16:26:08 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:TN/84bCkXBg7LZnlp81wSs3je85XFyrKPhDXk/DwUbi69qJhSJDaFOBLSJxCzurh:hk4hXBg7VnlQLce8DyqDXn6YhSJGFOoR
TLSH: 828423A25D0BC3DE3BBC999CA519F14D39C169437F8A249C993D412BF0721868F1A7BC
Reporter: abuse_ch
Tags: DHL, Endurance, gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: 192-232-224-248.unifiedlayer.com
Sending IP: 192.232.224.248
From: DHL EXPRESS SHIPPING <opr.store@gourmetgarage.online>
Subject: AWB - Invoice and Shipping Documents
Attachment: Invoice Shipping Documents AWB N0 72538341.gz (contains "Invoice Shipping Documents AWB N0 72538341.exe")

Loki C2:
http://ad4teg.com/ccu/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2020-10-22 12:04:58 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Relation          Malware family   Sample
Malspam           Loki             gz 69674d19b27385b06a9cb623207de915aaef5e652bcfe43fa42d907204a0dfa6 (this sample)
Dropping          Loki

Delivery method: Distributed via e-mail attachment
