MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b076848ada4dc1840222a88cef673233d7b10b28492a0366db9b14d17023d972. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: b076848ada4dc1840222a88cef673233d7b10b28492a0366db9b14d17023d972
SHA3-384 hash: 8add8feef8912390b5c353a90f0de6f898db64559c7059a3623fc548bc4299ae1debad3bf1c003030e2ad2e430e21a6d
SHA1 hash: a947156124aa6d810f6db40a7436e30588e1f099
MD5 hash: e6f2554c8c2c4bbb74882e9caba6c26e
humanhash: bravo-mississippi-fifteen-louisiana
File name: SPPG contract PO12403_PF01-0560-21_Korea Marine Service Power_Contract No 0560-19-01-2021.gz
Signature: Loki
File size: 137'497 bytes
First seen: 2021-01-19 13:09:59 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:+cv53bGXIplO8OcOcujKrcv/kCTVkfYaQEp7HFz8JILkTKTyVWBfOG2N:+6F/nORcOcu2uMVpRLa0yVWBf52N
TLSH: C7D3125C073535E6E164A7A085AFD2757188794F2B8784B250BD57CF8CA6F08FBC5708
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: ycg0.207.bnjo.ml
Sending IP: 143.110.150.12
From: Chia Gek Liang, Leslie. <gi@geninsurance.com.sg>
Subject: SPPG contract PO12403_PF01-0560-21_Korea Marine Service Power_Contract No 0560-19-01-2021
Attachment: SPPG contract PO12403_PF01-0560-21_Korea Marine Service Power_Contract No 0560-19-01-2021.gz (contains "SPPG contract PO12403_PF01-0560-21_Korea Marine Service Power_Contract No 0560-19-01-2021.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 154
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2021-01-19 13:10:22 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz b076848ada4dc1840222a88cef673233d7b10b28492a0366db9b14d17023d972

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
