MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db2dbea06f6f9a4bdfaba3ec310873ddc76a5984e02529bb87565426823bf585. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: db2dbea06f6f9a4bdfaba3ec310873ddc76a5984e02529bb87565426823bf585
SHA3-384 hash: 32315bb38e6df1aa5de303633a9c0935b2e3489106908404b4e1f77484599f3428b07751ea82269b8d908f7eedb21ec7
SHA1 hash: 62bd30a363b5b21fc909a912f9dae0df9c9a5769
MD5 hash: b19abb2b6ca84fbd30a06cabd8195451
humanhash: echo-paris-coffee-jig
File name: TNT Express Notification.rar
Signature: Loki
File size: 809'804 bytes
First seen: 2020-04-02 06:23:07 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:lijFXMDadlnry3A8o0rHw4g1WxeXOjnpCgcq9eXJMYsQLOBjV4tU:lijFce0A8V7g0xeWnJD9i9cjV
TLSH: 5D052387CE79CE4C8ECFC02372B37607AA6210A44BC2535D563ED139F0A966B70B2657
Reporter: abuse_ch
Tags: COVID-19 Loki rar


abuse_ch
COVID-19 themed malspam distributing Loki:

HELO: host.s102host.com
Sending IP: 206.225.80.195
From: TNT Customer Care <customerservice.sg@tnt.com>
Subject: Your shipment was returned to our office!!! BECAUSE OF COVID-19 OUTBREAK(TNT Express Notification)
Attachment: TNT Express Notification.rar (contains "TNT Express Notification.exe")
Attachment: TNT Express Notification.zip (contains "TNT Express Notification.exe")

Loki C2s:
http://supergeorgia.ge/ged/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Cklmpdq
Status: Malicious
First seen: 2020-04-02 06:35:41 UTC
File Type: Binary (Archive)
Extracted files: 27
AV detection: 20 of 47 (42.55%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
rar db2dbea06f6f9a4bdfaba3ec310873ddc76a5984e02529bb87565426823bf585 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments