MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86
SHA3-384 hash: 33aef60f0a9543097ffd77694a0a532bd20e190fbb79b408e96e03def09e2a02a1b0ede44f011baf3e7796d022cecfbf
SHA1 hash: f0b237ef8262bc37203a6da57f363be4c5ab61f4
MD5 hash: ab783e0a4e1080817f4145f30cd24426
humanhash: blue-fruit-fourteen-maryland
File name:PO-02182021 pdf.gz
Download: download sample
Signature Loki
Create hunting rule
File size:730'224 bytes
First seen:2021-02-18 15:09:22 UTC
Last seen:Never
File type: gz
MIME type:application/gzip
ssdeep 12288:K/MXLBf0VLzOSvDdZ9RWAcCcNByGPBt/cRJLmfcc4opGR6gX2KuVNyLJZg6did6A:K/MXLZ8OkdsAcdBf/cfwcc4VPiyNq
TLSH 6AF433B1B30B3DA5C86B2BE803DB704944EDCDEA7532A4BF25CE05889D1D8EB605855F
Reporter c_APT_ure
Tags:pwd-protected


Avatar
c_APT_ure
Date: Thu, 18 Feb 2021 21:34:19 +0700
From: Norbert Streicher <pnh@kagumhotel.net>
To: undisclosed-recipients:;
Subject: Fw: Aw: PURCHASE ORDER
Reply-To: Norbert Streicher <N.Streicher@erdwich.de>
User-Agent: Roundcube Webmail/1.4.10
Message-ID: <48f01055d0fad1095abdc139cb99456f@kagumhotel.net>
X-Sender: pnh@kagumhotel.net

contains pwd-protected zip
2111fb9404cbce8180364e618cd15143 PO-02182021 pdf.zip

contains exe:
Fk2R8VvodKESjNz.exe

pwd unknown (yet)

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.10676.10409.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Heur.3713.29441.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vxide3xur3fyq35ckexs2cjo5bbsazwlir4h5qn54zbbaukhdsda._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz add0326ef48ecb886fa2512f2d092ee8432066cb44787ec1bde6421051471c86

(this sample)

Loki

Executable exe d509c4f1ddd6e950b6dd0937275519234c856d7b75e16c6d3a9d1ac2434da345

Loki

zip 95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 95174e5cf3ee5084d34ed48e5a4660f996d7f04555af426cffdc91fe193a0c69
  
Dropping
MD5 2111fb9404cbce8180364e618cd15143

Comments