MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb607fdcef5904620ee55c6b5eccb0e346a2f21c2f8e58e0c88081adef3bc1c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: eb607fdcef5904620ee55c6b5eccb0e346a2f21c2f8e58e0c88081adef3bc1c5
SHA3-384 hash: 33ffcd4edbd14721548df152d6203895e5e9f95a08d50f01a2be59f0f337b26d64239c0d2122b8597db1ea610982dde7
SHA1 hash: 9c8eb36b7c2037df1c5417e45c02e28b18cdb9ba
MD5 hash: 0162bb7926ebd3aade15de5b84963ea5
humanhash: wisconsin-butter-beer-purple
File name: payment.iso
Signature: Loki
File size: 387'072 bytes
First seen: 2020-07-08 06:14:06 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 6144:uVs1Ua4vI056yLZTVFGKd+d/PZh0MCUzBnOhJvyWCRrf+qsMC4NN:YbvqyLTFdcd/hOMzGKRrWqs
TLSH: 71841231DB9467F6D2180E73472E2E601396E04817782B937B9CED5AB7733D22A5E309
Reporter: abuse_ch
Tags: Endurance iso Loki


abuse_ch
Malspam distributing Loki:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: PURCHASE MANAGER <marketing@majbootmhe.com>
Reply-To: "Purchase Manager." <marketing@majbootmhe.com>
Subject: Bank payment/wire transfer
Attachment: payment.iso (contains "payment.exe")

Loki C2:
http://mecharnise.ir/ea1/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100

Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-08 06:16:06 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

iso eb607fdcef5904620ee55c6b5eccb0e346a2f21c2f8e58e0c88081adef3bc1c5 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
