MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a3d26f0fa90c527a5946ccefe1c638a84345619809fb30c8b1a9b6b60ab553c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a3d26f0fa90c527a5946ccefe1c638a84345619809fb30c8b1a9b6b60ab553c
SHA3-384 hash: 8751ddb6413dfe696a7f1852202489fe1108e8804cbdc2ccbdec31fdc3e25a4e3d4fae233b7a671733ede07f7eed61e7
SHA1 hash: 87b533ed24202c4711a8431877a0a908a49da6a8
MD5 hash: aa61b458d18c533dc35966749d6ac976
humanhash: arkansas-neptune-hotel-seventeen
File name:TNT Original Invoice PDF.zip
Download: download sample
Signature Loki
Create hunting rule
File size:30'720 bytes
First seen:2021-01-18 07:50:45 UTC
Last seen:Never
File type: tar
MIME type:application/x-tar
ssdeep 768:IlUdT0B/19/T7oBjf67WLXeJM5ApAbBcmxK6p:IWdTq/nPa8M66Ncm
TLSH 4BD2503C7DD41A33EA7FA67AD9E605C7FB61358332524C1E668B83411C03B963D89A1D
Reporter abuse_ch
Tags:Loki TNT zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mageneet.com
Sending IP: 45.145.185.72
From: TNT eInvoicing <service@tnt.com>
Reply-To: TNT eInvoicing <mamart_fendi@yahoo.com>
Subject: TNT Shipment Arrival Notification Consignment No. 20211801579206
Attachment: TNT Original Invoice PDF.zip (contains "TNT Original Invoice PDF.exe")

Loki C2:
http://51.195.53.221/p.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.113.24485.25198.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a3d26f0fa90c527a5946ccefe1c638a84345619809fb30c8b1a9b6b60ab553c/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-18 07:51:07 UTC
AV detection:
4 of 46 (8.70%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ni6sn4h2sdcspjmunthp4hddrkcdivqzqcp3gdeldknwwyflku6a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/6a3d26f0fa90c527a5946ccefe1c638a84345619809fb30c8b1a9b6b60ab553c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

tar 6a3d26f0fa90c527a5946ccefe1c638a84345619809fb30c8b1a9b6b60ab553c

(this sample)

Loki

Executable exe a995bb11b514f86196d1c0826ffdc7c93da31232d2f68b2818e2f293b5924fe9

  
Dropping
MD5 9a1b6f469ae1ed4f63973d0d681bf203
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a995bb11b514f86196d1c0826ffdc7c93da31232d2f68b2818e2f293b5924fe9

Comments