MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ff37e52308b24112ef784314b32b43774b8031ea8f922a2332582b592a2db72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: Loki
Vendor detections: 3



SHA256 hash: 7ff37e52308b24112ef784314b32b43774b8031ea8f922a2332582b592a2db72
SHA3-384 hash: 109ee467b20250e176b1a459d6cbe57f87e3c0d5f98dd201592649d248ba4198d02b4127920328bf63be1c4d60e994a8
SHA1 hash: 790914364428b88e8af418b5c4614411b03a751f
MD5 hash: 235830d9ebc352fd503de1dc2916b482
humanhash: cup-music-ack-red
File name: PO-503675453034576Shipment_INV_pdf.gz
Signature: Loki
File size: 469'733 bytes
First seen: 2020-06-16 05:00:24 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:irD/c22DJeSLDbtEnklxRW77ipQouH/xSingUAemkD+6x9o:irrc3JeSHbtEnklrWapQN/0Mhckx9o
TLSH: A7A42382A063EC545DD521A63AFEE590DD3D957E3A478A7B298F03C76DC37F0890E884
Reporter: abuse_ch
Tags: DHL gz Loki


abuse_ch
Malspam distributing Loki:

HELO: host.sidhiciang.net
Sending IP: 67.222.24.138
From: (External_DHL ID)_Notification_Worldwide_© <tax@suryaindo.com>
Subject: [PENYEDIAAN MENDESAK] DHL NOTIFICATION 503675453034576 on 16 Jun 2020
Attachment: PO-503675453034576Shipment_INV_pdf.gz (contains "gunzipped")

Loki C2:
http://purinex.co.id/k2/Panel/fre.php
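The comment above gives everything a mail-gateway or SOC analyst needs to triage attachments of this shape: a ".gz" container whose name pretends to be a PDF, a gzip member that is really an executable, and a C2 URL to match against proxy logs. The script below is an added example written for this page; it is not MalwareBazaar's or abuse.ch's code. Only the three hashes and the C2 URL are copied from the entry; the gzip attachment it analyses is constructed inline (so its hashes will not match the IOCs, which is the point of the heuristic checks), and the lure-name pattern, executable-extension list and inflate cap are assumed triage rules, not anything the entry states.

```python
"""Triage a gzip e-mail attachment against the Loki IOCs on this page.

Added example, not MalwareBazaar/abuse.ch code. Hashes and C2 URL are copied
from the entry; the sample attachment, thresholds and name patterns are
constructed/assumed for illustration.
"""
import gzip
import hashlib
import io
import re
import struct

# Copied from the entry above (the only real indicators in this script).
IOC_HASHES = {
    "sha256": "7ff37e52308b24112ef784314b32b43774b8031ea8f922a2332582b592a2db72",
    "sha1": "790914364428b88e8af418b5c4614411b03a751f",
    "md5": "235830d9ebc352fd503de1dc2916b482",
}
IOC_C2 = "http://purinex.co.id/k2/Panel/fre.php"

# Assumed triage rules: "Something_pdf.gz" style names glue a document
# extension onto a gzip container; executables inside such a container are
# the usual payload; cap inflation so a crafted member cannot exhaust memory.
LURE_NAME = re.compile(r"(?:^|[._-])(pdf|doc|docx|xls|xlsx|inv|invoice)\.gz$", re.I)
EXEC_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".js", ".vbs", ".dll")
MAX_INFLATE = 50 * 1024 * 1024


def gzip_member_name(data):
    """Return the FNAME header field of the first gzip member (RFC 1952), or
    None if the member carries no name. FEXTRA precedes FNAME, so skip it."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip (deflate) member")
    flg = data[3]
    pos = 10
    if flg & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:  # FNAME absent
        return None
    end = data.index(b"\x00", pos)  # FNAME is zero-terminated ISO-8859-1
    return data[pos:end].decode("latin-1")


def inflate_capped(data, limit=MAX_INFLATE):
    """Inflate at most `limit` bytes; refuse anything larger (bomb guard)."""
    with gzip.GzipFile(fileobj=io.BytesIO(data), mode="rb") as gz:
        out = gz.read(limit + 1)
    if len(out) > limit:
        raise ValueError("inflated size exceeds %d bytes" % limit)
    return out


def triage_attachment(name, data, ioc_hashes=IOC_HASHES):
    """Hash the container as received, then apply structural heuristics that
    still fire when the hash is new (repacked/recompiled variants)."""
    findings = []
    digests = {alg: getattr(hashlib, alg)(data).hexdigest() for alg in ("sha256", "sha1", "md5")}
    for alg, digest in digests.items():
        if ioc_hashes.get(alg) == digest:
            findings.append("%s matches known Loki sample" % alg)
    if LURE_NAME.search(name):
        findings.append("document-extension lure on a .gz container")
    inner = gzip_member_name(data)
    if inner and inner.lower().endswith(EXEC_EXT):
        findings.append("gzip FNAME names an executable: %s" % inner)
    payload = inflate_capped(data)
    if payload[:2] == b"MZ":
        findings.append("inflated payload is a PE (MZ) image")
    return {
        "digests": digests,
        "inner_name": inner,
        "findings": findings,
        "verdict": "block" if findings else "allow",
    }


def is_loki_c2(url):
    """Exact match on the reported C2 after trivial normalisation; use for
    proxy/DNS log sweeps rather than a host-only match, which over-fires."""
    return url.strip().lower() == IOC_C2.lower()


def build_sample_gz(inner_name, payload):
    """Constructed attachment (NOT the real sample): one gzip member whose
    FNAME field is `inner_name`, as `gzip file.exe` would produce. Pass an
    empty name to emit a member without FNAME."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed look-alike: fake PE bytes gzipped under an .exe FNAME and
    # delivered with the same lure file name as the real attachment.
    sample = build_sample_gz("Shipment_INV.exe", b"MZ" + b"\x00" * 62 + b"constructed body")
    report = triage_attachment("PO-503675453034576Shipment_INV_pdf.gz", sample)
    print(report["verdict"], report["inner_name"], report["findings"])
    print("C2 hit:", is_loki_c2("http://purinex.co.id/k2/Panel/fre.php"))
```

Because the constructed sample is not the real file, the hash comparison does not fire and the verdict comes entirely from the structural checks; the same script run over the real attachment would additionally report the SHA256/SHA1/MD5 match.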

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.CryptInjector
Status: Malicious
First seen: 2020-06-16 05:02:06 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
gz 7ff37e52308b24112ef784314b32b43774b8031ea8f922a2332582b592a2db72 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
