MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b68dd0b283e7495e042aef4a32abcef644681c28b38d0367a12ad08c6f33e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 85b68dd0b283e7495e042aef4a32abcef644681c28b38d0367a12ad08c6f33e5
SHA3-384 hash: 1e5e5e59b615061d19b3a3c124b0cd7166fcf9ba30b49680db0e59a075b17cf40bd809e1f9bebd55bc822d8f7d95b005
SHA1 hash: 3104499aea19b0c47daae2bd876ab8f32c0811a3
MD5 hash: 33ec7f8ea8b3f3f939cb61afe94f5354
humanhash: washington-mango-stairway-arkansas
File name: CCMA Final Reminder Case GAJK22818289000-20.pdf.gz
Signature: Loki
File size: 148'287 bytes
First seen: 2020-07-16 08:17:25 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:LY8EP/k6N2yQf82rrH9WW7tHCDq7vcLjYGM+HMuge7IXlaxG2QFDH85JaDayx/y8:LYHPUXFdhlCe23HdOaxG2Cjauayx/yDg
TLSH: 68E312D1A82EB34C1EF39CE27EDA469630752D5676F8592CEB1D2A630329D34BF50630
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: slot0.griferaisnova.com
Sending IP: 107.174.244.100
From: admin@ccma.org.za
Subject: URGENT - CCMA Final Reminder: Case GAJK22818289000-20 (GAJK) is scheduled for 'Arbitration' for Wed 22-July-2020 13:00 To Wed 22-July-2020 15:00
Attachment: CCMA Final Reminder Case GAJK22818289000-20.pdf.gz (contains "CCMA Final Reminder Case GAJK22818289000-20.pdf.exe")

Loki C2:
http://winqits.com/~zadmin/lk/me/gate.php

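The comment above describes the lure: a ".pdf.gz" attachment whose gzip member is a ".pdf.exe". The script below is an added example for this page, not MalwareBazaar's or abuse.ch's code, showing how a responder would triage such an attachment offline: read the original filename straight out of the gzip header (RFC 1952 FNAME field) without inflating anything, inflate with a size cap, flag the double extension and the MZ stub, and produce the MD5/SHA1/SHA256 values that are compared with the entry above. The attachment bytes, the MZ stub and the extension lists are constructed here; the real sample is not on the page, so the hashes the script prints will not match the entry's, and ssdeep/TLSH are left out because they are not in the standard library.

```python
"""Offline triage of a ".pdf.gz" mail attachment of the kind described in
the comment above.  Added example for this page, not MalwareBazaar's or
abuse.ch's code; the attachment bytes below are constructed, not the sample."""
import gzip
import hashlib
import io
import struct
import zlib
from pathlib import PurePosixPath

# Constructed stand-in for the real attachment: the gzip FNAME field carries
# the inner name quoted in the comment, and the payload is a fake MZ stub.
INNER_NAME = "CCMA Final Reminder Case GAJK22818289000-20.pdf.exe"
OUTER_NAME = "CCMA Final Reminder Case GAJK22818289000-20.pdf.gz"
FAKE_PAYLOAD = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n"

# Assumed extension classes (decoy document, container, real executable).
DECOY_DOC = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
ARCHIVE = {".gz", ".zip", ".rar", ".7z", ".iso", ".img", ".ace"}
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta"}


def build_gz(inner_name: str, payload: bytes) -> bytes:
    """Make a gzip member whose header FNAME is inner_name, as `gzip file` does."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as g:
        g.write(payload)
    return buf.getvalue()


def gzip_member_name(data: bytes):
    """Read FNAME from the gzip header (RFC 1952) without inflating anything.

    Returns None when the FNAME flag is unset; raises on a non-gzip stream.
    """
    if len(data) < 10 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a gzip/deflate stream")
    flg = data[3]
    pos = 10                                  # fixed header is 10 bytes
    if flg & 0x04:                            # FEXTRA: 2-byte XLEN + XLEN bytes
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:                        # FNAME flag not set
        return None
    end = data.index(b"\x00", pos)            # zero-terminated latin-1 string
    return data[pos:end].decode("latin-1")


def safe_inflate(data: bytes, limit: int = 32 * 1024 * 1024) -> bytes:
    """Inflate a gzip member with a hard output cap (decompression-bomb guard)."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)  # 16+ selects gzip framing
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise ValueError("inflated size exceeds %d bytes" % limit)
    return out


def extension_chain(name: str):
    """All suffixes of a filename, lower-cased, e.g. ['.pdf', '.exe']."""
    return [s.lower() for s in PurePosixPath(name).suffixes]


def is_double_extension(name: str) -> bool:
    """True for lures such as 'x.pdf.exe': a document suffix hiding an executable."""
    chain = extension_chain(name)
    return len(chain) >= 2 and chain[-2] in DECOY_DOC and chain[-1] in EXECUTABLE


def triage_attachment(outer_name: str, data: bytes) -> dict:
    """Collect the facts a responder compares with a MalwareBazaar entry."""
    inner = gzip_member_name(data)
    payload = safe_inflate(data)
    outer_chain = extension_chain(outer_name)
    findings = {
        "outer_name": outer_name,
        "inner_name": inner,
        # ".pdf.gz" style: a document suffix directly before the archive suffix
        "decoy_archive": len(outer_chain) >= 2
        and outer_chain[-2] in DECOY_DOC and outer_chain[-1] in ARCHIVE,
        "inner_double_extension": inner is not None and is_double_extension(inner),
        "inner_is_pe": payload[:2] == b"MZ",
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "inner_sha256": hashlib.sha256(payload).hexdigest(),
    }
    findings["verdict"] = (
        "suspicious"
        if findings["inner_double_extension"] or findings["inner_is_pe"]
        else "no structural red flags"
    )
    return findings


if __name__ == "__main__":
    sample = build_gz(INNER_NAME, FAKE_PAYLOAD)
    for key, value in triage_attachment(OUTER_NAME, sample).items():
        print("%-24s %s" % (key, value))
```

Reading FNAME before inflating matters because the member name is the cheapest signal here: a gateway can reject ".pdf.exe" inside ".pdf.gz" without ever running the decompressor, and the capped inflate protects the sandbox when it does.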
Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Babar
Status: Malicious
First seen: 2020-07-16 08:19:05 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz 85b68dd0b283e7495e042aef4a32abcef644681c28b38d0367a12ad08c6f33e5 (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments