MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d01ff4b2e713ada38bcb327eefa09a7b3532358fda91bc5b31917c5753b7ae39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: d01ff4b2e713ada38bcb327eefa09a7b3532358fda91bc5b31917c5753b7ae39
SHA3-384 hash: 3a6fec5b678844c33cebb1a0303f670589849251d7340023ad26ecf900ab350044f11389169a2a15eb5bd11b287397dd
SHA1 hash: bb925e405dcc6015c0f844c7a436a244f41c7a06
MD5 hash: ae0f7de651d474756290eb7b249648f5
humanhash: kitten-ohio-bakerloo-wisconsin
File name: SKM_554e20052510110.zip
Signature: Loki
File size: 237'534 bytes
First seen: 2020-06-02 19:06:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:hHzZLrJaydD3DiCOH0zNqErmUKtx2r/juXF/8J:hHV9ayRTiN0zNqErmhtwrQSJ
TLSH: 533423869755D687C300C627ECA74AF9D1E4DE9C0EDC523825B17A8E0A73C8FDAA341D
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: mail.genonop.ml
Sending IP: 89.36.212.225
From: jeffreywang(tvl) <jeffreywang@tvlgroups.com> <admin@genonop.ml>
Subject: *退轉通知*SO:8084 -Order no.:95944, 96050, 96051, 96049, 96146,
Attachment: SKM_554e20052510110.zip (contains "SKM_554e20052510110.scr")

Loki C2:
http://evervisionicd.com/xabby/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Genkryptik
Status: Malicious
First seen: 2020-06-02 19:35:55 UTC
File Type: Binary (Archive)
Extracted files: 13
AV detection: 19 of 48 (39.58%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip d01ff4b2e713ada38bcb327eefa09a7b3532358fda91bc5b31917c5753b7ae39 (this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments