MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 767659997e1946c5e21cc6f9152e00eba5b17300b03494bebb0924c47d944560. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 767659997e1946c5e21cc6f9152e00eba5b17300b03494bebb0924c47d944560
SHA3-384 hash: b6ddeb58e4eca0ec9b9b5c2d54846d80342f7d4048d1c1b1d15e996e994b85adfc27cf2bdb3a2749a2ba21f198c2be59
SHA1 hash: 4e0779ffe85dcaf9f4a0b81eb5245c42d556f678
MD5 hash: 7633b603bd85db038fe25d5c7379d8fe
humanhash: ceiling-bakerloo-sixteen-north
File name: attachments.zip
Signature: Loki
File size: 9'095 bytes
First seen: 2020-11-05 07:14:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:6SPvmh3OpbRXjiMNHvoYQsSubJqohJfYxvTz/nyqbO5J:6iOh01GMNPoYtJ8xvHnK5J
TLSH: C912BF94580B0EF0FA4BBF3E8E631616A9ED94A2E0E7DC18E9ED100F9C176E40727517
Reporter: cocaman
Tags: zip


cocaman
Malicious email (T1566.001)
From: ""Abraham P. Kuriakose" <abraham.kuriakose@mubarak.ae>"
Received: "from postfix-inbound-4.inbound.mailchannels.net (inbound-egress-5.mailchannels.net [199.10.31.237]) "
Date: "Thu, 05 Nov 2020 02:11:33 +0000 (UTC)"
Subject: "NOV---PO 1104WR, 1103WR ,1099WR, 1110WR /REQUEST FORM FOR MUBARAK DUBAI//"
Attachment: "attachments.zip"

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a

Vendor Threat Intelligence
Threat name: Document-Word.Exploit.CVE-2017-0199
Status: Malicious
First seen: 2020-11-05 07:16:05 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 14 of 29 (48.28%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip 767659997e1946c5e21cc6f9152e00eba5b17300b03494bebb0924c47d944560 (this sample)

Delivery method: Distributed via e-mail attachment

Comments