MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d
SHA1 hash: c7399f3d3dc9713c8a6a5214ebe043ff59969c05
MD5 hash: 5829e8e9ce558cdabbec0e66d6ea6017
File name: Purchase Order.gz
Signature: Loki
File size: 189'728 bytes
First seen: 2020-05-23 11:18:32 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 3072:kC3ie1fyPJZojBvTxiMAtNL/LBrscLPNL/JJwqOMZ5fj4+:zByP0BtiBNLdJ1L/vxt5bH
TLSH: 9A04121B676E85C83A4F9CCA8500E541B02B9BCE69FC896CE09E50CD94CD2D664DC3FE
Reporter: @abuse_ch
Tags: gz, Loki


Twitter
@abuse_ch
Malspam distributing Loki:

HELO: yogshaexports.com
Sending IP: 23.19.58.125
From: sharma@yogshaexports.com
Subject: Purchase Order
Attachment: Purchase Order.gz (contains "Purchase Order.exe")

Loki C2:
http://obimmaa.ir/todsay/Panel/five/fre.php

Intelligence


Mail intelligence:
  Trap location   Impact
  Global          High
  IT (Italy)      Low
# of uploads: 1
# of downloads: 21
Origin country: FR
ClamAV: No detection
VirusTotal: 30.65%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki, gz b81006d29bc91c8dda5921d5f228909e4c56ff6bc27a5616ac60b732dfb69c5d (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
