MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3d68497094cb6caf6ecd1f10802f50bc9aed37bd92740959e8e953300c5297b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: b3d68497094cb6caf6ecd1f10802f50bc9aed37bd92740959e8e953300c5297b
SHA3-384 hash: 74b12ea27e7ea97098bcc060d6b7ebcfa93776d84b232f0b2d5f733bb179040f600a26bb9be1b7def487c3d77465031d
SHA1 hash: 2d3ba862c7fa65a16d21fb6c8e99b43ca8a072c4
MD5 hash: 4f72831bf40ce5b416419154e5964cb7
humanhash: freddie-solar-two-carolina
File name: GEN_CMACGM_GeneralExportNotice_CMACGMSAMSON_0PG7JE1MA-AC355A066FA10892E0530A00876036D0.gz
Signature: Loki
File size: 376'962 bytes
First seen: 2020-08-13 13:51:51 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:3cnADduiRsV64VZzQparfGQoAIgIBy8/xwDq9YD7ej58HH:3c+du6aMQoAIgIBysxwucq8n
TLSH: BB84231F2960BE9D40205D718134FBFFA906D97AE82742289F2D1698562F46FD93F34C
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: server.lemcon-asia.com
Sending IP: 209.182.203.225
From: lanhtn mlahcm <lanhtn@marina-logistics.com>
Subject: fw: (URGENT) SHIPPING INSTRUCTION FOR PO#M-26002645. - BOOKING SGN0754853 >>> SGN0769156
Attachment: GEN_CMACGM_GeneralExportNotice_CMACGMSAMSON_0PG7JE1MA-AC355A066FA10892E0530A00876036D0.gz (contains "GEN_CMACGM_GeneralExportNotice_CMACGMSAMSON_0PG7JE1MA-AC355A066FA10892E0530A00876036D0.exe")

Loki C2:
http://marqaritellimoney.com/zoro/zoro3/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Backdoor.NanoCore
Status: Malicious
First seen: 2020-08-13 13:53:06 UTC
AV detection: 15 of 48 (31.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip b3d68497094cb6caf6ecd1f10802f50bc9aed37bd92740959e8e953300c5297b (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
