MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e246e713c504bfc2f3453fd63b2d31bb3e204d2d65e953a66faca1b8418946e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: e246e713c504bfc2f3453fd63b2d31bb3e204d2d65e953a66faca1b8418946e3
SHA3-384 hash: d225d94b8b2cc59b7e045ca80f9339ee4c0540bab1405a302b577f847d0df37474befe732ae124b03db2bbc644511b82
SHA1 hash: 84279f789d109bc3990db173a1b37198620bb403
MD5 hash: 57db9a03b0d8dfa533a051ec31d0b537
humanhash: vermont-seventeen-april-quiet
File name: PI 02 Final.arj
Signature: Loki
File size: 11'594 bytes
First seen: 2021-04-08 07:03:27 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 192:cBmdciDUOTRgvKrddGHKuGe59srho1pydNqoxHWhdOzhAY+2xBPYmc8/uTNsw+0s:3dciR6KjsK28O1pGNfxHWQ6Y+sxC82T0
TLSH: C632BFB382C3F85E891244EFB4468C67816CB2DBC91E68B271CC475379E53AD88FA591
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing unidentified malware:

HELO: mail.kohoku.lk
Sending IP: 222.165.180.112
From: Kang weishun / 004192 <Kang@jas.com>
Reply-To: account@jas.com
Subject: PAYMENT ADVISE(103) TT/USD/**,1**/2021
Attachment: PI 02 Final.arj (contains "kayo.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 111
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: ByteCode-MSIL.Backdoor.Androm
Status: Malicious
First seen: 2021-04-08 03:56:40 UTC
AV detection: 7 of 48 (14.58%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
arj e246e713c504bfc2f3453fd63b2d31bb3e204d2d65e953a66faca1b8418946e3 (this sample)

Delivery method: Distributed via e-mail attachment
