MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91ec279ba2b717949ee6e59be42bb99e6298f61005cda8262457d4f1d43a6e56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 2



SHA256 hash: 91ec279ba2b717949ee6e59be42bb99e6298f61005cda8262457d4f1d43a6e56
SHA3-384 hash: f373e2d8c8dd53880e95400dfdae2ad1dd1da3566d8dd342fb38c346bdf7e4279447aa957303375336ca19126e6c4eaa
SHA1 hash: b59e73f6ce730da38c1b8faa98b453528e614f11
MD5 hash: be36cfe8067afd0cb518aaedeefd9d9e
humanhash: grey-video-harry-magnesium
File name: awb_scan copy 25-06-2020 AWB01104027.tbz2
Signature: Loki
File size: 212'943 bytes
First seen: 2020-06-25 09:03:20 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:tQ0O5KyyP3oTasmZpG4J7VRwi+VGYDpjImPq:trMKZ/oTTmv1Q7FjTPq
TLSH: 94241260F633334DE06CA28B2A4D157669936F42E37533292711F7C88CA9E7A5264DCF
Reporter: abuse_ch
Tags: DHL Loki tbz2


abuse_ch
Malspam distributing Loki:

HELO: ns303737.ip-94-23-207.eu
Sending IP: 94.23.207.218
From: dhlemailship@dhl.com
Subject: DHL Intraship Express Consignment 25-06-2020 #AWB:01104027
Attachment: awb_scan copy 25-06-2020 AWB01104027.tbz2 (contains "awb_scan copy 25-06-2020 #AWB01104027.exe")

Loki C2:
http://koreanbeautyexpert.com/finn/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 91ec279ba2b717949ee6e59be42bb99e6298f61005cda8262457d4f1d43a6e56 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments