MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8eed42767803e8764583060dd08efb11fdf8bec0bf01bef2ff19815f4eb6962c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8eed42767803e8764583060dd08efb11fdf8bec0bf01bef2ff19815f4eb6962c
SHA3-384 hash: 31258b6bdbfa0d8ea983c64363ee4b612ff9541825ac355844d0ff3e4599fe6a565dd461937c285b42c837ffc1380ed1
SHA1 hash: 4b1f1d92aa387409ae71f63d5379eabab6e9438c
MD5 hash: b56bef06c0233da9fa2dfba2456c24a6
humanhash: potato-lima-michigan-lion
File name: ID547-MSC-202041789(BL DRAFT).gz
Signature: Loki
File size: 55'763 bytes
First seen: 2020-04-24 04:47:31 UTC
Last seen: 2020-04-24 04:48:18 UTC
File type: gz
MIME type: application/gzip
ssdeep: 1536:X8D5WzjmiZp5DG+r8FdgEWXimNQqmQ/0ttvGX:CgzCiZPH8FdyrCtq0tvGX
TLSH: 4043025913DF916FB319BB8144FA5F1F0B2A6A3D506DBFD28700E48C38D2592295C71E
Reporter: cocaman
Tags: gz, Loki


cocaman
Malicious email
From: ID547-MSC IDJKT IMPORT INVOICE <yanto@sandangasia.com>
Received: from 137-59-125-184.biznetgiocloud.com (137-59-125-184.biznetgiocloud.com [137.59.125.184])
Date: Fri, 24 Apr 2020 09:55:04 +0700
Subject: Notice of Arrival for MSC B/L :MEDUG3735396/MSC CARLA 3/HC009A
Attachment: ID547-MSC-202041789(BL DRAFT).gz

Intelligence


File Origin
# of uploads: 2
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-24 05:35:22 UTC
File Type: Binary (Archive)
Extracted files: 7
AV detection: 22 of 31 (70.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 8eed42767803e8764583060dd08efb11fdf8bec0bf01bef2ff19815f4eb6962c (this sample)

Delivery method: Distributed via e-mail attachment

Comments



Corsin Camichel commented on 2020-04-24 04:50:22 UTC

Malicious email
From: TNT EXPRESS <worldwide@tnt.com>
Received: from 137-59-125-184.biznetgiocloud.com (137-59-125-184.biznetgiocloud.com [137.59.125.184])
Date: Fri, 24 Apr 2020 09:55:21 +0700
Subject: AWB Notification: You have A Package With Us
Attachment: TNT SHIPPING DOCUMENT.gz