MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eba026ca3e37bd3093aa7bd09fdad99869edd84f938fb804ade984fde6ca4f7e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eba026ca3e37bd3093aa7bd09fdad99869edd84f938fb804ade984fde6ca4f7e
SHA3-384 hash: 8fa9bd752d1cb52e50cf97230d308bc703dbcbb8ce2473c44927bf38bdccc4ab03b125854e8339507c04626e199d3cdc
SHA1 hash: b32ebacde7fe4c447af8975b9323fd94f5c8c4ce
MD5 hash: 18cc94cb83b18634a48162360e3e1f8d
humanhash: cat-music-princess-cardinal
File name:New Order_WR-088399R_doc3.zip
Download: download sample
Signature Loki
Create hunting rule
File size:415'196 bytes
First seen:2020-05-05 08:57:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:kOplatmo0dY3KKXLsFSoWuOdiFP4ga4eS:kOStqdVKXLNF4z
TLSH FB94238A29852F4ED452DF8BF844C91BC28763A3995A5D18D95687ECCD3F3C2388D0BD
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: setentaycinco14.nsprimario.com
Sending IP: 188.93.75.14
From: OMRON IMPORT UK Ltd <donatella@fabiorusconi.it>
Reply-To: donatella@fabiorusconi.it
Subject: Re:Re:Re:Re:Re:New Order\x0a\x09_WR-088399R_doc(3)_109.818,52€
Attachment: New Order _WR-088399R_doc3.zip (contains "New Order _WR-088399R_doc.exe")

Loki C2:
http://maylnk.ga/ATZ/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7759529-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.25081.ZipHeur.BadExt.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.22623.ZipHeur.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 04:00:54 UTC
File Type:
Binary (Archive)
Extracted files:
3
AV detection:
30 of 48 (62.50%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5oqcnsr6g66tbe5kppij7wwztbu63wcpsoh3qbfn5gcp3zwkj57a._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip eba026ca3e37bd3093aa7bd09fdad99869edd84f938fb804ade984fde6ca4f7e

(this sample)

Loki

Executable exe 0321b082e29f9b21f9994c225d25ff752bd6359ae9c10c79fe7cff61cfd770dd

  
Dropping
MD5 326faebf07483fa596d9c7ac36b0af97
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 0321b082e29f9b21f9994c225d25ff752bd6359ae9c10c79fe7cff61cfd770dd

Comments