MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bbda92580b55407851e91e78a9a3b7d87e6b8a78ecb05b7ef33f7e562b8f042f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: bbda92580b55407851e91e78a9a3b7d87e6b8a78ecb05b7ef33f7e562b8f042f
SHA3-384 hash: 05d6aebdcf0d7ad56744e6a54d41f0d9fd296a0854246577e340cdcb90ccf711f305f88562c460cf5e90031e3014e246
SHA1 hash: dfa576c7e6613dae83fa202399e8cdd078c120d5
MD5 hash: 722ae1278f27887483b63bcca3fbddf5
humanhash: sodium-robin-north-johnny
File name: TNT Reciept_pdf.z
Signature: Loki
File size: 313'085 bytes
First seen: 2020-10-08 17:39:13 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep 6144:/XHhqHzIl1n9GtHVi2p6qfWBXPd1xdJ03qv3lqaruhIw8:/xqI392zkX11W3W3lLuhJ8
TLSH 5F64234972DC1ED67C418617B8FF21DEAAECCAAFBB1D0B92125D058D21356E2CC51CA1
Reporter: abuse_ch
Tags: Loki TNT z


abuse_ch
Malspam distributing Loki:

HELO: ci6.toservers.com
Sending IP: 190.61.219.219
From: TNT EXPRESS <noreply@tnt.com>
Subject: TNT SHIPMENT NOTIFICATION
Attachment: TNT Reciept_pdf.z (contains "TNT Reciept_pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php/AgeDgXyvetPup

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-10-08 14:16:41 UTC
AV detection: 23 of 48 (47.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

z bbda92580b55407851e91e78a9a3b7d87e6b8a78ecb05b7ef33f7e562b8f042f

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
