MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d122defee8a4f28034fc14af52d4e4d06f4405525b35f1d4ec66ed53ecbc8161. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d122defee8a4f28034fc14af52d4e4d06f4405525b35f1d4ec66ed53ecbc8161
SHA3-384 hash: de3ad28c123a71824684fa79f89e7315e7b349bb10a791354742b90afb07652cb7c412284ce631246551b3df3637f40d
SHA1 hash: 83799afcc1c8c5b7564cfd1396c526941236e106
MD5 hash: 58ce2a14f0893451c02d9d8245ebcb42
humanhash: victor-september-earth-mars
File name:PIBL_Shipping Documents.gz
Download: download sample
Signature Loki
Create hunting rule
File size:56'729 bytes
First seen:2020-05-19 05:55:07 UTC
Last seen:Never
File type: gz
MIME type:application/x-rar
ssdeep 1536:46w9c3C3H7d2iss+OS4NChpfwQDCIJGDPzYvlU+zC:4WUZ2K5BChpHDn04vlU+zC
TLSH 014302B406E36DE7F16952EF80262E9AEF534147D7D74A91E92EE61293B1620C0F0393
Reporter abuse_ch
Tags:gz Loki Maersk


Avatar
abuse_ch
Malspam distributing Loki:

HELO: maersk.com
Sending IP: 142.11.196.197
From: Maersk Line. <ca.export@maersk.com>
Reply-To: Maersk Line <noreply@domain-admin.com>
Subject: RE: PI&BL Shipping_Document$
Attachment: PIBL_Shipping Documents.gz (contains "PI&BL Shipping Documents.bat")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-19 10:40:27 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ern57xiutzianh4csxvfvhe2bxuibkslm27dvhmm3wvh3f4qfqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz d122defee8a4f28034fc14af52d4e4d06f4405525b35f1d4ec66ed53ecbc8161

(this sample)

Loki

Executable exe 15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171

  
Dropping
MD5 e88f43078edf8a8352e7455ad7bd2f6f
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171

Comments