MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c868ec84991f4ee4db850e2278cd2a12766cdfdc347f9cb32b7a3cefd1aba7fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c868ec84991f4ee4db850e2278cd2a12766cdfdc347f9cb32b7a3cefd1aba7fb
SHA3-384 hash: b23e185e46f690178f7f7667a9a38695a3c6a6aaaf2a8f418bac234dcf25c75168bec64d1a7826957581f3d9fcdf9159
SHA1 hash: 395f8c373ca0b018bb5abbd14836d03d58034fba
MD5 hash: d966c84f4b9409fa6676bf25863f2c2e
humanhash: two-zulu-louisiana-one
File name:MOH Contact form 19-11-2020-pdf
Download: download sample
Signature Loki
Create hunting rule
File size:403'036 bytes
First seen:2020-11-19 08:19:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:4Ymd4T6C3S4AVEa9rpe00K4LSHJb2xnZV3pRrklp5plIvYhF+qAZLmSZImkYdfkM:qoqX/90zLOp8XQCRLByr6mMy2/HC8fr
TLSH 308423348F0653AB8E4482D46A6418EDFC4409BA3EFB364D5FD03A17351392DE9668BF
Reporter abuse_ch
Tags:Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: copex.hpservidor.com
Sending IP: 184.175.82.131
From: Joan KANG (MOH) <Joan_KANG@moh.gov.sg>
Subject: URGENT: Request for Information
Attachment: MOH Contact form 19-11-2020-pdf (contains "MOH Contact form 19-11-2020-pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Foxhole.Zip_fs1999.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.25906.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c868ec84991f4ee4db850e2278cd2a12766cdfdc347f9cb32b7a3cefd1aba7fb/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-11-19 08:20:09 UTC
AV detection:
17 of 48 (35.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zbuozbezd5hojw4fbyrhrtjkcj3gzx64gr7zzmzlpi6o7unlu75q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip c868ec84991f4ee4db850e2278cd2a12766cdfdc347f9cb32b7a3cefd1aba7fb

(this sample)

Loki

Executable exe 7c979f0cf243c02c1840734a039369964088577e2ca9513e2d1f22509b33e043

  
Dropping
MD5 9545cd92d3ba05708458af95b9b1d931
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c979f0cf243c02c1840734a039369964088577e2ca9513e2d1f22509b33e043

Comments