MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dd56c5aa40f91ae736c97689bab5066c2fd86f5a3cd181851579dcb5b42ed50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8dd56c5aa40f91ae736c97689bab5066c2fd86f5a3cd181851579dcb5b42ed50
SHA3-384 hash: 023bb5eb965928176331a27159fea53bdad14cbff3f91c8280e6a547a9f97aa20ca7ed4282edfc851830926dc1edb137
SHA1 hash: 84ce1185dc19e03530e71eb0f37200d2e35718e2
MD5 hash: 6638d5300b1a25f07aa08472d8b537f8
humanhash: wyoming-undress-carpet-white
File name: Packing Lists.img
Signature: Loki
File size: 1'245'184 bytes
First seen: 2020-06-18 05:46:09 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:8BRcXM3Uc4yEUdqhfwxgcQYRpS3hF6vqA+T7C/9qOo:QUBcxqhffV2vDEe/
TLSH: 8C458E22F29048F7F163157D5D0B9F6899E6BE512A2816467BFC1C4CAF3D382392B1C6
Reporter: abuse_ch
Tags: HostGator img Loki Maersk


abuse_ch
Malspam distributing Loki:

HELO: gateway24.websitewelcome.com
Sending IP: 192.185.51.209
From: International Cargo Logistics <ana.vilmana@icl.com.do>
Reply-To: International Cargo Logistics <pangsheng79@gmail.com>
Subject: RE : RE : URGENT!!! 2 x 20ft - SHIPPING DOC BL, SI, INV#462345 //MAERSK KLEVEN V.949E //
Attachment: Packing Lists.img (contains "Packing Lists.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-06-18 05:48:05 UTC
AV detection: 19 of 31 (61.29%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

img 8dd56c5aa40f91ae736c97689bab5066c2fd86f5a3cd181851579dcb5b42ed50 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments