MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f25c7015d0d3ccea692745f0adfc5dad8392b67635544812d70ff7b046ca358. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f25c7015d0d3ccea692745f0adfc5dad8392b67635544812d70ff7b046ca358
SHA3-384 hash: 2ab3ec2a526dd89bb7f0c4dfa3da4a37fe11413743eda264eb48cf5e00b6d6afd5fae63ffca74305ca17adeb757c784e
SHA1 hash: 3e3105d9d605d1e59ea7fe2c518d219c8c53c5fc
MD5 hash: c655419d465cdfa147d9390b6777414f
humanhash: emma-stream-hot-florida
File name:SHIPPING DOCUMENTS - AWB N0 84136312 .gz
Download: download sample
Signature Loki
Create hunting rule
File size:384'980 bytes
First seen:2020-10-21 09:58:27 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 6144:IMZfw4TI99sn9E7StdF8kkDpiumHUElCHsf134KgaS8tclqmLof3DhNgGJIOrvJg:Iow48QE7StdsmHUElCHs9ZO8mcyo7ng7
TLSH F584233AE7DADED085B32BB109C80D4D7E94A981BE33821BD43972D1E2161E5CD36678
Reporter abuse_ch
Tags:DHL gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: vps.untrarto.com
Sending IP: 45.153.203.102
From: DHL CUSTOMER SERVICE <office@untrarto.com>
Subject: Failed DHL Delivery Notification (AWB N0: 8413****6312)
Attachment: SHIPPING DOCUMENTS - AWB N0 84136312 .gz (contains "SHIPPING DOCUMENTS - AWB N0 84136312 .exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f25c7015d0d3ccea692745f0adfc5dad8392b67635544812d70ff7b046ca358/
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=p4s4oak5bu6m5jusorpqvx6f3lmdsk3hmnkujajnod7xwbdmunma._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 7f25c7015d0d3ccea692745f0adfc5dad8392b67635544812d70ff7b046ca358

(this sample)

Loki

Executable exe eb140984e61c9b9860794656d3f978896944a0f7258c5abe25391b8c71f56853

  
Dropping
MD5 0fa9f824e7e956d42dcac1dda49bc353
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eb140984e61c9b9860794656d3f978896944a0f7258c5abe25391b8c71f56853

Comments