MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69
SHA3-384 hash: 33fe997fa2e9e718ea874180c1a88ed05b697b52d1ee9535be21b257031b27d6c2e5baa18992627d3ccfa106b423eed2
SHA1 hash: 80b34794685718598b4f3fee955a1e72315522e7
MD5 hash: 2111fb9404cbce8180364e618cd15143
humanhash: happy-fanta-cardinal-artist
File name:PO-02182021 pdf.zip
Download: download sample
Signature Loki
Create hunting rule
File size:729'861 bytes
First seen:2021-02-18 15:10:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:s/SF3BfUVNzSENDVp9JWMECkNByutpt/mRxLafUU4AFG1CgX2IMLNYLzZgCJif64:s/SF3ZiSWV8MEPBz/mzaUU4PtAYV4
TLSH 70F433B1B30B2DA5C86B2BE803DB704944EDCDEA7532A4BF25CE05889D1D8EB705855F
Reporter c_APT_ure
Tags:pwd-protected


Avatar
c_APT_ure
Date: Thu, 18 Feb 2021 21:34:19 +0700
From: Norbert Streicher <pnh@kagumhotel.net>
To: undisclosed-recipients:;
Subject: Fw: Aw: PURCHASE ORDER
Reply-To: Norbert Streicher <N.Streicher@erdwich.de>
User-Agent: Roundcube Webmail/1.4.10
Message-ID: <48f01055d0fad1095abdc139cb99456f@kagumhotel.net>
X-Sender: pnh@kagumhotel.net

attach:
ab783e0a4e1080817f4145f30cd24426 PO-02182021 pdf.gz

contains pwd-protected zip
2111fb9404cbce8180364e618cd15143 PO-02182021 pdf.zip

contains exe:
Fk2R8VvodKESjNz.exe

pwd unknown (yet)

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.10676.10409.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86

Loki

zip 95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69

(this sample)

Loki

Executable exe d509c4f1ddd6e950b6dd0937275519234c856d7b75e16c6d3a9d1ac2434da345

  
Dropped by
MD5 ab783e0a4e1080817f4145f30cd24426
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86
  
Dropping
SHA256 d509c4f1ddd6e950b6dd0937275519234c856d7b75e16c6d3a9d1ac2434da345
  
Dropping
MD5 de397189fe82a4ebe1598831d5cd01cf

Comments


Avatar
TomU | I'm still here... til the end commented on 2021-02-18 15:28:39 UTC

pwd = filename without ext. ("Fk2R8VvodKESjNz")

de397189fe82a4ebe1598831d5cd01cf Fk2R8VvodKESjNz.exe