MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8fe745d62d015d49a5086bff33b9624a571369b06d992ebeaa81de56232bd72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8fe745d62d015d49a5086bff33b9624a571369b06d992ebeaa81de56232bd72
SHA3-384 hash: 51be2baf2ff883e9aee31742ff93da932ad643552b0529373b940c47e1e103a2e5f74f7ccac0c5463939d593869c596c
SHA1 hash: d3ba90bbdf05943d94ea458619ecaa268df51589
MD5 hash: 3b6728b530227f5e1b9023e2fe48158c
humanhash: four-michigan-three-charlie
File name:TNT eInvoice·pdf.rar
Download: download sample
Signature Loki
Create hunting rule
File size:137'146 bytes
First seen:2020-12-08 16:33:27 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:CTHLrt+kzFJqlpgJOTXsD2t7cKslBbh3rrWLb7PXo:C7nt+kxepgJOjVtolRhfQ4
TLSH BAD312DF5E8679C30B611B80D64FBE864E7A6D391F3CC5470612B280F7E8AF48A414E8
Reporter abuse_ch
Tags:Loki rar TNT


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail51.hostmaster.sk
Sending IP: 46.229.230.234
From: eInvoicing <service@tnt.com>
Subject: TNT Invoice
Attachment: TNT eInvoice·pdf.rar (contains "TNT eInvoice·pdf.exe")

Loki C2:
http://clubulvacantei.ro/chill/Panel/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
171
Origin country :
n/a
Vendor Threat Intelligence
Result
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8fe745d62d015d49a5086bff33b9624a571369b06d992ebeaa81de56232bd72/
Threat name:
Win32.Trojan.Pwsx
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 16:34:11 UTC
AV detection:
12 of 48 (25.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5d7hixlc2ak5jgsqq277go4wessxcnu3a3mzf27kvao6kyrsxvza._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e8fe745d62d015d49a5086bff33b9624a571369b06d992ebeaa81de56232bd72

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar e8fe745d62d015d49a5086bff33b9624a571369b06d992ebeaa81de56232bd72

(this sample)

Loki

Executable exe 1939e43aaee73754652e6ca17cb8c0837c84539118de145864901b2449e1edd1

  
Dropping
MD5 238fd803ac1210e5c04afb6bbd266f5a
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1939e43aaee73754652e6ca17cb8c0837c84539118de145864901b2449e1edd1

Comments