MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d52ce553d52f9002957e72934be198b8159d6700359bed42d0310fcef73e541f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d52ce553d52f9002957e72934be198b8159d6700359bed42d0310fcef73e541f
SHA3-384 hash: b9bb41ea4d6c046bbee9496ff98ca7395f818338b12a2f226670ec92a3a84e8929dd7a202d00c0754238cc011d91535a
SHA1 hash: d26018a316187045b86e61e116a99dca9ddf1ddd
MD5 hash: 9d4561bc2f61050c27bb738729ef11d9
humanhash: coffee-magnesium-video-ohio
File name:AM OCEAN HARMONY7 VESSEL0093888900090.gz
Download: download sample
Signature Loki
Create hunting rule
File size:740'416 bytes
First seen:2021-01-18 08:21:14 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:yYaMhDHhgzQwGgnG1niuDXdDYzuA4CnLfkoMdG/kPluIwSV0rN9oYAhjy:LawDHyDGzDXdMzbLsfd3PYs0R9DAhjy
TLSH C4F42383395E7C2C445A62DBC0DF91A9D809256EAD0ECB13D7CDF707918831866B3DAB
Reporter abuse_ch
Tags:gz Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ms12.hinet.net
Sending IP: 103.99.1.144
From: etcplee@ms12.hinet.net
Reply-To: etcplee@ms12.hinet.net
Subject: PDA AM OCEAN HARMONY7 CALL ETA updated 27-28 Jan 2021
Attachment: AM OCEAN HARMONY7 VESSEL0093888900090.gz (contains "AM OCEAN HARMONY7 VESSEL0093888900090.exe")

Loki C2:
http://mannaton.com/zoro/zoro2/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d52ce553d52f9002957e72934be198b8159d6700359bed42d0310fcef73e541f/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2021-01-18 06:15:42 UTC
AV detection:
5 of 46 (10.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2uwoku6vf6iaffl6okjuxymyxakz2zyagwn62qwqgeh455z6kqpq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d52ce553d52f9002957e72934be198b8159d6700359bed42d0310fcef73e541f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip d52ce553d52f9002957e72934be198b8159d6700359bed42d0310fcef73e541f

(this sample)

Loki

Executable exe 9c9adb16561049288fd3f771b795890e2f9efa66c2eeb121cea935e7f843ce46

  
Dropping
MD5 5595f93b945c3ba6dee5f896ef150b27
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 9c9adb16561049288fd3f771b795890e2f9efa66c2eeb121cea935e7f843ce46

Comments