MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85513afbe57f295796316665763a4d94632a08cda1f5aca1d8ac40cf0ea9e14f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 85513afbe57f295796316665763a4d94632a08cda1f5aca1d8ac40cf0ea9e14f
SHA3-384 hash: 6960ba83abd89d1af276eda2b90404fd7b0f18c41372a753e5e303bc40be1400eddc9216f371ef7bf9f4e1e50d3e42c3
SHA1 hash: e409fd9a5a884c9744a0c80f5d71c11a23b70aef
MD5 hash: 9e457596ce5c11f945d8d17e52fb26b5
humanhash: washington-delaware-stream-west
File name: DHL SHIPMENT DOCUMENTS_pdf.gz
Signature: Loki
File size: 161'910 bytes
First seen: 2020-10-22 06:44:39 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:WMrdvK5K0Lqf+LYzetxzDNHKW4/P6mnzY80I3igGIOiySoF99Og29feR4:/RK5/+f+PBRHK7vzY803nIKS8PQeR4
TLSH: 3CF31279B482260EB8060FF1210E443581338E18F2F83E4D05EBA65792B7599FF95BA2
Reporter: abuse_ch
Tags: DHL gz Loki


abuse_ch
Malspam distributing Loki:

HELO: alnassar.com.sa
Sending IP: 162.244.93.110
From: Deepali Gandhi <deepali.patl@fedex.com>
Subject: RE: [EXTERNAL] RE: Con No : 2616161760 SHIPMENT WERNER MATHIS AG OBERHASLI
Attachment: DHL SHIPMENT DOCUMENTS_pdf.gz (contains "DHL SHIPMENT DOCUMENTS_pdf.exe")

Loki C2:
http://ciuj.ir/kings/five/fre.php
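The entry above lists a file typed gz whose sniffed MIME type is application/x-rar, and the reporter's comment notes that the archive carries "DHL SHIPMENT DOCUMENTS_pdf.exe". The Python below is an added example, not code from MalwareBazaar or from abuse.ch, showing how a practitioner would triage such an attachment offline: it computes the four digests the entry lists, identifies the container by magic bytes instead of by extension, reads the archived member name from the gzip header, and flags the double-extension trick and a PE payload. The sample bytes, the list of disguise and executable extensions, and the two container signatures checked are constructed assumptions for the example; they are not the real sample from this entry.

```python
"""Offline triage of a mail attachment like the one in this entry (added example)."""
import gzip
import hashlib
import io
import re
import zlib

# Container signatures. The entry is named .gz but was sniffed as RAR, so the
# container is identified from bytes, never from the name.
# Assumption: only these two formats are of interest here.
MAGIC = [
    (b"\x1f\x8b", "gzip"),
    (b"Rar!\x1a\x07\x00", "rar"),      # RAR 4.x
    (b"Rar!\x1a\x07\x01\x00", "rar"),  # RAR 5.x
]

# "<name>_pdf.exe" style double extensions. Extension lists are an assumption.
DOUBLE_EXT = re.compile(
    r"[._ -](pdf|docx?|xlsx?|jpe?g|png)\.(exe|scr|com|pif|bat|cmd|js|vbs)$",
    re.IGNORECASE,
)


def digests(data):
    """The four digests MalwareBazaar lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def container_type(data):
    """Identify the container by magic bytes, not by file extension."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return "unknown"


def gzip_member_name(data):
    """Return the FNAME field of a gzip header (RFC 1952), if present."""
    if len(data) < 10 or not data.startswith(b"\x1f\x8b"):
        return None
    flags = data[3]
    pos = 10
    if flags & 0x04:  # FEXTRA: 2-byte little-endian length, then that many bytes
        xlen = int.from_bytes(data[pos:pos + 2], "little")
        pos += 2 + xlen
    if flags & 0x08:  # FNAME: zero-terminated latin-1 string
        end = data.index(b"\x00", pos)
        return data[pos:end].decode("latin-1")
    return None


def triage(filename, data):
    """Triage one attachment: digests, real container type, payload checks."""
    ext = filename.rsplit(".", 1)[-1].lower()
    kind = container_type(data)
    findings = []
    expected = {"gz": "gzip", "rar": "rar"}.get(ext)
    if expected and kind != expected:
        findings.append("extension .%s does not match %s magic" % (ext, kind))
    member = None
    if kind == "gzip":
        member = gzip_member_name(data)
        if member and DOUBLE_EXT.search(member):
            findings.append("double extension in archived name: %s" % member)
        try:
            payload = gzip.decompress(data)
        except (OSError, EOFError, zlib.error):
            payload = b""
            findings.append("gzip stream does not decompress")
        if payload.startswith(b"MZ"):
            findings.append("archived payload is a PE executable")
    return {"container": kind, "member": member,
            "findings": findings, **digests(data)}


# Constructed sample input for the example; not the real sample from this entry.
def _make_sample_gz():
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb",
                       filename="DHL SHIPMENT DOCUMENTS_pdf.exe", mtime=0) as f:
        f.write(b"MZ" + b"\x00" * 62 + b"fake PE body for the example")
    return buf.getvalue()


SAMPLE_GZ = _make_sample_gz()
SAMPLE_RAR_NAMED_GZ = b"Rar!\x1a\x07\x00" + b"\x00" * 32  # RAR bytes under a .gz name

if __name__ == "__main__":
    for blob in (SAMPLE_GZ, SAMPLE_RAR_NAMED_GZ):
        r = triage("DHL SHIPMENT DOCUMENTS_pdf.gz", blob)
        print(r["container"], r["sha256"][:16], r["member"], r["findings"])
```

Run it on a real download by replacing the constructed blobs with the file's bytes; the digests it returns should match the hash lines in the entry before any other conclusion is drawn from the file.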

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-22 02:28:29 UTC
AV detection: 17 of 27 (62.96%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam    Loki    gz 85513afbe57f295796316665763a4d94632a08cda1f5aca1d8ac40cf0ea9e14f (this sample)
Dropping   Loki

Delivery method: Distributed via e-mail attachment
