MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b58e39f4c11542273af7d610b13b7e6be004d04c393ccde1b61eba5183958de6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b58e39f4c11542273af7d610b13b7e6be004d04c393ccde1b61eba5183958de6
SHA3-384 hash: 0e690cc6207b5dfee5fdd2ab3b53004eb4830e4a38a0cc0b19bdda594cfad8c205802fb0388f621c44912fe9ff9b1e38
SHA1 hash: 4b98a845384908d04b26e9bcfe50358e92d5dd58
MD5 hash: 3e7614e81cc24d60eed7acac23db4541
humanhash: five-mountain-fruit-emma
File name:PO_60577.r03
Download: download sample
Signature Loki
Create hunting rule
File size:445'876 bytes
First seen:2021-01-13 07:34:23 UTC
Last seen:Never
File type: r03
MIME type:application/x-rar
ssdeep 12288:zW2lullmL9qk/ks+s8fBaso4zkBT7uQk9kJ+v9X1yeNMlbEc3LEo:zFQS9qM+s8foNqkZ1P+vKeNkbEjo
TLSH 4994233191B66CFC00B4CE9F14CC46C9A0719A1F9EF2D9878C236675E1671E8A72D52F
Reporter abuse_ch
Tags:Loki r03


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: cxm0.506.pxwi.ml
Sending IP: 159.203.38.165
From: antoine.ifono@sonoco-sa.com
Subject: order 2021-PO_60577
Attachment: PO_60577.r03 (contains "PO_60577.scr")

Intelligence

File Origin
# of uploads :
1
# of downloads :
191
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b58e39f4c11542273af7d610b13b7e6be004d04c393ccde1b61eba5183958de6/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-13 03:16:48 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wwhdt5gbcvbcooxx2yilco36npqajucmhe6m3ynwd25fda4vrxta._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/b58e39f4c11542273af7d610b13b7e6be004d04c393ccde1b61eba5183958de6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

r03 b58e39f4c11542273af7d610b13b7e6be004d04c393ccde1b61eba5183958de6

(this sample)

Loki

Executable exe c75e2b1752bd8221bd68fea21243915af2a92834a23d148a46e41b370badfd18

  
Dropping
MD5 000af790102eb884cfb98b2e4cf50d5a
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c75e2b1752bd8221bd68fea21243915af2a92834a23d148a46e41b370badfd18

Comments