MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b699eb9d43b3ab2fdc73cbf894fb92b1b8f338e86c67f16575486ec719d88fe2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: b699eb9d43b3ab2fdc73cbf894fb92b1b8f338e86c67f16575486ec719d88fe2
SHA3-384 hash: 5d0d945aa251e7f7514a9a85b367a2cb282f6005dd827f3de03728988fd0b33d173cb5db7f9794374eb2705f7f47bf13
SHA1 hash: e858663eb5408472397b0bb0f9233b66a7b50d1e
MD5 hash: 3e4681e61aea9a3df2cb1992207f7fc7
humanhash: crazy-spaghetti-alpha-east
File name: URGENT - CCMA Final Reminder Case GAJK22818289000-20.pdf.gz
Signature: Loki
File size: 130'351 bytes
First seen: 2020-06-15 13:06:44 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:2VSAWMZ72ZfUNw36pxM2gzgzjQkTzW5jWIy9nHX8E:GS6KWCqpxptII1HsE
TLSH: 0FD3129A4415CE13EBAF0A81178FF2B0BEFC4FE186E1347045416D2FD1D9EA592682B9
Reporter: abuse_ch
Tags: gz Loki MailChannels


abuse_ch
Malspam distributing Loki:

HELO: brown.elm.relay.mailchannels.net
Sending IP: 23.83.212.23
From: admin3@ccma.org.za
Subject: URGENT - CCMA Final Reminder: Case GAJK22818289000-20 (GAJK) is scheduled for 'Arbitration' for Mon 22-June-2020 13:00 To Mon 22-June-2020 15:00
Attachment: URGENT - CCMA Final Reminder Case GAJK22818289000-20.pdf.gz (contains "gunzipped")

Loki C2:
http://auongo.com/~zadmin/lk/dn/gate.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-15 13:08:06 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz b699eb9d43b3ab2fdc73cbf894fb92b1b8f338e86c67f16575486ec719d88fe2 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
