MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a5521be42e6d51b51f68c26842da415317dbb0c48e6e5c4107b7e1be5de5cac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6a5521be42e6d51b51f68c26842da415317dbb0c48e6e5c4107b7e1be5de5cac
SHA3-384 hash: ff9497b13f587c692a31aa967155c23f908ac0eb6735bc36f0e2a05c98f0f9c515f6450a18acdf8942fe58e3d23ab9bb
SHA1 hash: 38be8d9b4051ab337b49e62d349c3665374b6cc2
MD5 hash: c381da3284e14eecb3ca284354f5d7a3
humanhash: skylark-beryllium-lactose-sierra
File name:Receipt.gz
Download: download sample
Signature Loki
Create hunting rule
File size:123'744 bytes
First seen:2021-01-19 13:00:29 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 3072:vZxhdC8gOybXCl4llZJNZMlwNFEqcUuoE6:BxfCQkXIQoGpWx6
TLSH 34C3124336CD262E74DFB790A7E1504B0E597799E6E2B166330E7EE742161F22C98E80
Reporter abuse_ch
Tags:DHL gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ycg0.frftru.ga
Sending IP: 134.122.43.65
From: DHL Global <contacts.cn@frftru.ga>
Subject: DHL Arrival Notice: Parcel delivery & tracking
Attachment: Receipt.gz (contains "Receipt.exe")

Loki C2:
http://51.195.53.221/p.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
SUSPICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6a5521be42e6d51b51f68c26842da415317dbb0c48e6e5c4107b7e1be5de5cac/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-19 13:01:11 UTC
AV detection:
14 of 46 (30.43%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=njksdpsc43krwupwrqtiilnecuyx3oymjdtolraqpn7bxzo6lswa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6a5521be42e6d51b51f68c26842da415317dbb0c48e6e5c4107b7e1be5de5cac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 6a5521be42e6d51b51f68c26842da415317dbb0c48e6e5c4107b7e1be5de5cac

(this sample)

Loki

Executable exe cd82528c1dd172d20632369ad7f34cdfad3945a610754764c045740d96b717fe

  
Dropping
MD5 5c057d1e8206626f6ec67db4d225876b
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cd82528c1dd172d20632369ad7f34cdfad3945a610754764c045740d96b717fe

Comments