MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85c1a5e86ad8d4bd72492050a8d9c6422422dcc616633e7b2107a7c588122162. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 85c1a5e86ad8d4bd72492050a8d9c6422422dcc616633e7b2107a7c588122162
SHA3-384 hash: 04cf85c88225656b1c7ce4ff085c82830a9f61ed1b852e62b8a70dcb01f3683e9a6ea98a6adae9e2a91d9ecf8ac17b4b
SHA1 hash: 5b5da5c838df7812cb14673a3e4acca38ed52dc3
MD5 hash: e7a037202eca59899d4207ae070b387e
humanhash: spring-sad-connecticut-nitrogen
File name:0038ax.rar
Download: download sample
Signature Loki
Create hunting rule
File size:299'166 bytes
First seen:2020-05-21 09:15:17 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:yTzrX0ypMSyg17hhULIX9Eav9BKtlmRsp:a7MSG0X19EXmRc
TLSH 5354234D3905F1E6E8A2504AB7D98DA6F488E00F032B9D7F079BCB9E71040B4837697D
Reporter abuse_ch
Tags:DHL Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: sadana.dua.rumahweb.com
Sending IP: 103.253.212.215
From: dhlSender@dhl.com <building@antam.id>
Subject: DHL Express Shipment Confirmation.00CC
Attachment: 0038ax.rar (contains "0038ax.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
76
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-21 12:17:56 UTC
File Type:
Binary (Archive)
Extracted files:
297
AV detection:
23 of 48 (47.92%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qxa2l2dk3dkl24sjebikrwogiiscfxggczrt46zba6t4lcasefra._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 85c1a5e86ad8d4bd72492050a8d9c6422422dcc616633e7b2107a7c588122162

(this sample)

Loki

Executable exe cb571afc1d03fa78ed4195ba460af43eaf613b09630fd49c5425b88d1378f437

  
Dropping
MD5 17640fb3c3f7fe68d1a60d8dc488065a
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cb571afc1d03fa78ed4195ba460af43eaf613b09630fd49c5425b88d1378f437

Comments