MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed0b23e1dacfba9765e24ccb341b060e5a64cefd0c2a5ff34c71d1171852f57e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: ed0b23e1dacfba9765e24ccb341b060e5a64cefd0c2a5ff34c71d1171852f57e
SHA3-384 hash: da525eedeb1905d002d76d9035a0c733e59a31d4f32915924f1ff8a2441ba9534a9393f2d6fbbcc65eba3470f2e97824
SHA1 hash: e83c0504e8c8269f609c8caffadf5d738671d1cb
MD5 hash: 3d7fef26b747c17dc8d7fbd624fe55c6
humanhash: burger-coffee-may-edward
File name: tnt.z
Signature: Loki
File size: 318'025 bytes
First seen: 2020-10-21 07:17:06 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:nwdlwhbHpS20vYboR7rcWMHCl2VYJi9m3b9WBf/eApXyQzocNxZMo:nwd6GbR74WMHA2VYJi9m3b9of/RX3Dnh
TLSH: DB6423675B9475960688E46570787298F4D2E0E7653CFCE8B7FCF1808DF89AB7202DA0
Reporter: abuse_ch
Tags: Loki TNT z


abuse_ch
Malspam distributing Loki:

HELO: mail.genoeven.ga
Sending IP: 103.109.37.44
From: TNT EXPRESS <admin@genoeven.ga>
Subject: TNT SHIPMENT NOTIFICATION
Attachment: tnt.z (contains "tnt.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Malrep
Status: Suspicious
First seen: 2020-10-20 15:57:50 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

z ed0b23e1dacfba9765e24ccb341b060e5a64cefd0c2a5ff34c71d1171852f57e

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
