MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 759ee67ce231db7cbb77533ac413963acb6b5d6bc86e4a0f381de85c84c5749e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 4



SHA256 hash: 759ee67ce231db7cbb77533ac413963acb6b5d6bc86e4a0f381de85c84c5749e
SHA3-384 hash: a555fc6f1638b6f7389d6072c191fb7b8036efdf7bd5b861547f1356a15dea7e208b048a435aa7998991844616df962c
SHA1 hash: aa2b7637d2501714a857e81a6d678fbb87d55ba8
MD5 hash: 65a9fdb3f65c6d2e08274e132563c1db
humanhash: angel-thirteen-lake-edward
File name: Payment Advice_xlsx(1).xz
Signature: Loki
File size: 142'299 bytes
First seen: 2021-02-12 01:51:16 UTC
Last seen: Never
File type: xz
MIME type: application/x-rar
ssdeep: 3072:rVTFd7N28aVt3LKWZCIXBArtd76lUSQR5reY:rVpd7VQ3OWZCQcxRtZ
TLSH: 08D31227BD9D27FF3B162C4E0CA6DB0F4543F5695A8B045E1C12738A7530272A90EBE5
Reporter: cocaman
Tags: Loki xz


cocaman
Malicious email (T1566.001)
From: ""Standard Chartered Bank" <advicesin@opsmarinetime.com>" (likely spoofed)
Received: "from opsmarinetime.com (maildc1519218099.mihandns.com [188.212.22.220]) "
Date: "Thu, 11 Feb 2021 04:26:49 -0500 (EST)"
Subject: "Payment Advice from Standard Chartered Bank"
Attachment: "Payment Advice_xlsx(1).xz"

Intelligence

File Origin
# of uploads: 1
# of downloads: 128
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Ymacco
Status: Malicious
First seen: 2021-02-12 02:08:15 UTC
File Type: Binary (Archive)
Extracted files: 5
AV detection: 13 of 46 (28.26%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
xz 759ee67ce231db7cbb77533ac413963acb6b5d6bc86e4a0f381de85c84c5749e (this sample)
Delivery method: Distributed via e-mail attachment
Dropping: Loki

Comments