MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a28c5dec9756b7671b1d086b3798ec49653a9425bd6bca936fa85aa01476f25f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a28c5dec9756b7671b1d086b3798ec49653a9425bd6bca936fa85aa01476f25f
SHA3-384 hash: 2fd5eca2db60bda4fd5efea87a23d3a2c7c5b8d18ea1f75a93206e6730bff5b9d020f7195de74b84c3d317ae92575067
SHA1 hash: 564478e5272310c6b23e04c2aca02541aaf7d0ca
MD5 hash: 578241edf930d5d5ea9e4473a1d7a281
humanhash: missouri-kansas-idaho-west
File name:INQUIRY.r00
Download: download sample
Signature Loki
Create hunting rule
File size:355'757 bytes
First seen:2020-09-23 04:01:23 UTC
Last seen:Never
File type: r00
MIME type:application/x-rar
ssdeep 6144:CCCaNjoI94Zq6HxY4cTmQt4E+d/0xwOrlE0nn7e9I5o3p6t5KlOUyPMB9KS/Rw7+:cAd4jHxStz+d/0xbrpn7e9Iu6tyQMdJ/
TLSH 5F742396777B10F6C2984A2A74D66011E037852B9FF3F925BFCCB4246BC57A22C3A354
Reporter cocaman
Tags:Loki r00


Avatar
cocaman
Malicious email (T1566.001)
From: "Flavio <f.chivas@hotmail.com>"
Received: "from pu0.720.gonbino.ml (pu0.720.gonbino.ml [134.122.53.50]) "
Date: "Tue, 22 Sep 2020 17:10:36 -0700"
Subject: "P/O Inquiry"
Attachment: "INQUIRY.r00"

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a28c5dec9756b7671b1d086b3798ec49653a9425bd6bca936fa85aa01476f25f/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-09-23 00:30:45 UTC
File Type:
Binary (Archive)
Extracted files:
40
AV detection:
10 of 48 (20.83%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ukgf33exk23wogy5bbvtpghmjfstvfbfxvv4ve3pvbnkafdw6jpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a28c5dec9756b7671b1d086b3798ec49653a9425bd6bca936fa85aa01476f25f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

r00 a28c5dec9756b7671b1d086b3798ec49653a9425bd6bca936fa85aa01476f25f

(this sample)

Loki

Executable exe 20d228902e80950b04fb2ef5964593b0e9da70ceb731df60a4d77f8a7a9cfb28

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 20d228902e80950b04fb2ef5964593b0e9da70ceb731df60a4d77f8a7a9cfb28
  
Dropping
Loki

Comments