MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 2

SHA256 hash: b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d
SHA3-384 hash: 129d50bf7119a55d740cc537f48811b3255f43b0f20f23c26158a5ec4e9695e73f994ee0c1583aab235cd3303546b6bc
SHA1 hash: c7399f3d3dc9713c8a6a5214ebe043ff59969c05
MD5 hash: 5829e8e9ce558cdabbec0e66d6ea6017
humanhash: salami-oklahoma-lamp-triple
File name: Purchase Order.gz
Signature: Loki
File size: 189'728 bytes
First seen: 2020-05-23 11:18:32 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:kC3ie1fyPJZojBvTxiMAtNL/LBrscLPNL/JJwqOMZ5fj4+:zByP0BtiBNLdJ1L/vxt5bH
TLSH: 9A04121B676E85C83A4F9CCA8500E541B02B9BCE69FC896CE09E50CD94CD2D664DC3FE
Reporter: abuse_ch
Tags: gz Loki
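The entry lists a .gz file name but an application/x-rar MIME type, so neither the extension nor the label should be trusted when handling the download. The script below is an added example, not MalwareBazaar code: it checks a downloaded sample against the four hashes listed above, identifies the container from its magic bytes, reads the stored member name from the gzip header without inflating anything, and inflates under a size cap so a decompression bomb cannot exhaust memory. The blob it runs on is constructed inside the script (a gzip stream whose header name is "Purchase Order.exe" around a fake MZ stub), not the real sample, so the hash comparison reports mismatches on purpose.

```python
"""Triage a downloaded archive sample: hash check, real container type,
gzip member name without inflating, capped inflation.  Added example, not
MalwareBazaar code.  build_sample() returns a constructed stand-in blob."""
import gzip
import hashlib
import io
import zlib

# Hashes as listed on the MalwareBazaar entry.
PAGE_HASHES = {
    "md5": "5829e8e9ce558cdabbec0e66d6ea6017",
    "sha1": "c7399f3d3dc9713c8a6a5214ebe043ff59969c05",
    "sha256": "b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d",
    "sha3_384": "129d50bf7119a55d740cc537f48811b3255f43b0f20f23c26158a5ec4e9695e73f994ee0c1583aab235cd3303546b6bc",
}

# Magic bytes of the container types we care about; checked in this order.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"Rar!\x1a\x07": "rar",
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
}


def file_hashes(data: bytes) -> dict:
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def hash_mismatches(data: bytes, expected: dict = PAGE_HASHES) -> list:
    """Names of the algorithms whose digest differs from the page's values."""
    got = file_hashes(data)
    return sorted(k for k, v in expected.items() if got[k] != v.lower())


def container_type(data: bytes) -> str:
    """Container type from magic bytes; extension and MIME label are untrusted."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def gzip_member_name(data: bytes):
    """FNAME field of the gzip header (RFC 1952 section 2.3), parsed from the
    raw header so nothing is inflated.  None if absent or not gzip."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flg = data[3]
    pos = 10
    if flg & 0x04:                                   # FEXTRA: 2-byte length + payload
        xlen = int.from_bytes(data[pos:pos + 2], "little")
        pos += 2 + xlen
    if not flg & 0x08:                               # FNAME not set
        return None
    end = data.find(b"\x00", pos)                    # zero-terminated, Latin-1
    return data[pos:end].decode("latin-1") if end != -1 else None


def inflated_size(data: bytes, cap: int = 64 * 1024 * 1024):
    """Inflate the gzip stream with an output ceiling.  Returns the inflated
    size, or None if the cap is reached (decompression bomb or simply too big)."""
    d = zlib.decompressobj(16 + zlib.MAX_WBITS)      # gzip framing
    total = len(d.decompress(data, cap))
    while not d.eof:
        if total >= cap:
            return None
        more = d.decompress(d.unconsumed_tail, cap - total)
        if not more and not d.unconsumed_tail:
            raise ValueError("truncated gzip stream")
        total += len(more)
    return total


def build_sample() -> bytes:
    """Constructed stand-in for the page's sample: a gzip stream named
    'Purchase Order.exe' around a fake MZ stub.  Not the real malware."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename="Purchase Order.exe", mode="wb", fileobj=buf, mtime=0) as g:
        g.write(b"MZ" + b"\x00" * 62 + b"not a real executable")
    return buf.getvalue()


def triage(data: bytes) -> dict:
    return {
        "container": container_type(data),
        "gzip_member": gzip_member_name(data),
        "hash_mismatches": hash_mismatches(data),
        "inflated_size": inflated_size(data) if container_type(data) == "gzip" else None,
    }


if __name__ == "__main__":
    print(triage(build_sample()))
```

On the real download the hash list should come back empty; anything else means the file on disk is not the sample the entry describes. The member name comes from the header only, so it tells you what the archive claims to contain (here a .exe delivered under a .gz name), which is exactly the mismatch to flag before anyone opens it.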


abuse_ch
Malspam distributing Loki:

HELO: yogshaexports.com
Sending IP: 23.19.58.125
From: sharma@yogshaexports.com
Subject: Purchase Order
Attachment: Purchase Order.gz (contains "Purchase Order.exe")

Loki C2:
http://obimmaa.ir/todsay/Panel/five/fre.php
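One way to operationalise the indicators in the comment above, as an added example that is not code from MalwareBazaar or abuse.ch: match mail-gateway events against the reported HELO, sending IP, sender, subject and attachment name, flag the generic "archive wrapping an executable" pattern independently of the exact names, and check proxy URLs against the Loki C2. The gateway and proxy log lines, and their key=value layout, are constructed for the example. The "/fre.php" path heuristic is an assumption drawn from general Loki panel behaviour rather than from this entry, and is reported with lower confidence than an exact or host match.

```python
"""IOC matching for the Loki malspam wave reported above.  Added example,
not MalwareBazaar or abuse.ch code.  Log lines and format are constructed."""
import re
from urllib.parse import urlsplit

# Indicators copied from the reporter's comment (lower-cased for comparison).
IOC = {
    "helo": "yogshaexports.com",
    "sender_ip": "23.19.58.125",
    "from": "sharma@yogshaexports.com",
    "subject": "purchase order",
    "attachment": "purchase order.gz",
    "c2_url": "http://obimmaa.ir/todsay/Panel/five/fre.php",
}
C2_HOST = urlsplit(IOC["c2_url"]).hostname          # obimmaa.ir

ARCHIVE_EXT = (".gz", ".zip", ".rar", ".7z", ".iso", ".img")
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".js", ".vbs")


def parse_gateway_line(line: str) -> dict:
    """Parse a constructed 'key=value' gateway log line; values may be quoted."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def match_mail(event: dict) -> list:
    """Names of the reported IOCs this message matches, in report order."""
    hits = []
    if event.get("helo", "").lower() == IOC["helo"]:
        hits.append("helo")
    if event.get("client_ip") == IOC["sender_ip"]:
        hits.append("sender_ip")
    if event.get("from", "").lower() == IOC["from"]:
        hits.append("from")
    if event.get("subject", "").lower() == IOC["subject"]:
        hits.append("subject")
    if event.get("attachment", "").lower() == IOC["attachment"]:
        hits.append("attachment")
    return hits


def archive_hides_executable(outer: str, inner: str) -> bool:
    """Generic check beyond the exact names: an archive attachment whose member
    is an executable.  Extension-based only; hashing happens elsewhere."""
    return outer.lower().endswith(ARCHIVE_EXT) and inner.lower().endswith(EXEC_EXT)


def match_c2(url: str) -> str:
    """'exact' for the reported panel URL, 'host' for any URL on the C2 domain,
    'pattern' for a /fre.php panel path (assumption, lower confidence), else ''."""
    parts = urlsplit(url)
    if url == IOC["c2_url"]:
        return "exact"
    if parts.hostname == C2_HOST:
        return "host"
    if parts.path.endswith("/fre.php"):
        return "pattern"
    return ""


GATEWAY_LOG = [  # constructed sample events
    'ts=2020-05-23T10:02:11Z client_ip=23.19.58.125 helo=yogshaexports.com '
    'from=sharma@yogshaexports.com subject="Purchase Order" attachment="Purchase Order.gz"',
    'ts=2020-05-23T10:05:40Z client_ip=198.51.100.7 helo=mail.example.net '
    'from=alice@example.net subject="Re: invoice" attachment="invoice.pdf"',
]
PROXY_LOG = [  # constructed: "<src> <method> <url> <status>"
    "10.0.0.14 POST http://obimmaa.ir/todsay/Panel/five/fre.php 404",
    "10.0.0.22 GET http://www.example.com/index.php 200",
]


def scan(gateway_log=GATEWAY_LOG, proxy_log=PROXY_LOG) -> dict:
    """Run both matchers and return {"mail": {sender: hits}, "c2": {src: kind}}."""
    mail_hits, c2_hits = {}, {}
    for line in gateway_log:
        ev = parse_gateway_line(line)
        hits = match_mail(ev)
        if hits:
            mail_hits[ev["from"]] = hits
    for line in proxy_log:
        src, _method, url, _status = line.split()
        kind = match_c2(url)
        if kind:
            c2_hits[src] = kind
    return {"mail": mail_hits, "c2": c2_hits}


if __name__ == "__main__":
    print(scan())
```

A POST to the panel URL that returns 404 (as in the constructed proxy line) is still worth an alert: the host contacted the C2 path, whether or not the panel was still up at that moment.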

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-05-23 08:41:57 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 18 of 31 (58.06%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam / Loki
gz b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d (this sample)
  Dropping: Loki
Delivery method: Distributed via e-mail attachment