MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c740da8403ac3ab9d165adc259e9dad1b5d1f4e0a87fda14e879e08ef1f6a86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 6c740da8403ac3ab9d165adc259e9dad1b5d1f4e0a87fda14e879e08ef1f6a86
SHA3-384 hash: 09e631e9a2de224e5ef2cb280df20f7744ae24c339b7b3e247ad20e5acf0baf73aa8749c27d4dcdad43063c3ebbee6b5
SHA1 hash: cbc2cb59aac3029a616ea89998ca7204ac98b42e
MD5 hash: cb9a61bf5bd445d17ce21b98af371135
humanhash: pip-massachusetts-single-fifteen
File name: Request For Price quotation 30-6-2020_pdf.rar
Signature: Loki
File size: 303'345 bytes
First seen: 2020-06-30 13:31:49 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:nh0WiBGeR/90BK4Ii31hLLL9WPHe8AYV4pixoDNcxUUl0IVd:hsB/0BzIIhLLL9++8AYHWAl5
TLSH: 9B5423EF1669B358CF61C7EF99F68902A878D40C26EF13975D02A7651273B98E3F2050
Reporter: @abuse_ch
Tags: Loki, rar


Twitter
@abuse_ch
Malspam distributing Loki:

HELO: metheksis.gr
Sending IP: 5.9.14.91
From: NATIONAL UNIVERSITY OF SINGAPORE <office@nus.edu.sg>
Subject: Request For Price quotation (NATIONAL UNIVERSITY OF SINGAPORE) NUS894/BU463
Attachment: Request For Price quotation 30-6-2020_pdf.rar (contains "crypted_pdf.exe")

Intelligence


Mail intelligence
Trap location: Global
Impact: Low
# of uploads: 1
# of downloads: 33
Origin country: US
ClamAV: Sanesecurity.Malware.27382.Rar5Heur.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/6c740da8403ac3ab9d165adc259e9dad1b5d1f4e0a87fda14e879e08ef1f6a86/
ReversingLabs:
  Status: Malicious
  Threat name: Win32.Trojan.Injector
  First seen: 2020-06-30 13:33:05 UTC
  AV detection: 19 of 48 (39.58%)
  Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: Virustotal results 35.00%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 6c740da8403ac3ab9d165adc259e9dad1b5d1f4e0a87fda14e879e08ef1f6a86 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
