MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b04c81c5ff1c2d474d7267d4f343df4ed45c38b6e67db9836ed9cfb0ab166620. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: b04c81c5ff1c2d474d7267d4f343df4ed45c38b6e67db9836ed9cfb0ab166620
SHA3-384 hash: eb60db4bc062dc810ba1af71e04edb754a16e9c3dbd30a2305b3b4bd12d68ab3643cb7502f69cec4590758efbde03683
SHA1 hash: 313f069d8e0f36d0ebd6d074de99ff4fbafd9691
MD5 hash: d78d2c8cc6226d9611a65478ff90ed71
humanhash: delaware-pasta-oregon-diet
File name: 0000147.r00
Signature: Loki
File size: 896'969 bytes
First seen: 2020-08-17 19:00:43 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 12288:favtfFCJqSL0cY4GiJws/Wi1vr/p5ed2FyKHc1f39KYUHzs8bUYW4Y1bjIXvWgJH:fC1ihlZrCILu3ijW4YJOvWgqZS7/1x
TLSH: 2A1533B6074918C45FAAC848230A347DABD4ED3D2D1A0AD4E55FF6FC82DE623DB024B4
Reporter: abuse_ch
Tags: Loki r00


abuse_ch
Malspam distributing unidentified malware:

HELO: xv20.513.pinotvineryms.cf
Sending IP: 157.245.108.244
From: E-faktura <e-faktura.no-reply@dhl.com>
Subject: APPROVED TRANSMISSION
Attachment: 0000147.r00 (contains "0000147.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-17 19:02:11 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

r00 b04c81c5ff1c2d474d7267d4f343df4ed45c38b6e67db9836ed9cfb0ab166620 (this sample)

Delivery method: Distributed via e-mail attachment
