MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f65468b41046651986f24cd9eab493957d86829775c9a29be9e262bc1a1701a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f65468b41046651986f24cd9eab493957d86829775c9a29be9e262bc1a1701a7
SHA3-384 hash: 845bf9304fec8e24170faf52929e4af64960d6b6fb2f9e48fbd6bd31b47abd6731d361efa07de3d3fc09e5d999308965
SHA1 hash: 6535c6888422e69407545a829420dbcb647c9b3b
MD5 hash: cb60f984a6be4eab3b44c1b3a4c34756
humanhash: glucose-river-johnny-low
File name:PO-203984-99.img.jpeg.yr.zip
Download: download sample
Signature Loki
Create hunting rule
File size:539'493 bytes
First seen:2020-10-20 14:56:47 UTC
Last seen:2020-10-20 20:06:36 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:lh47Mc9Tnpk7kbi+D8xQpfHk5QLw03UsitFFTtFPKfHGZ48Ba:/wxTpO+HpfCYk1zyvGra
TLSH F3B423F58EF43EF174D31908143FCE88BE98259ED79A559FB31CE252E86229A07C7841
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: jktd3khmail02v.cloudkilat.me
Sending IP: 103.43.47.239
From: BABACAN PESENKURDU <murwat@wisanka.com>
Reply-To: BABACAN PESENKURDU <contact@cie94.fr>
Subject: PO 064
Attachment: PO-203984-99.img.jpeg.yr.zip (contains "PO-203984-99.img.jpeg.yr.exe")

Intelligence

File Origin
# of uploads :
4
# of downloads :
59
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f65468b41046651986f24cd9eab493957d86829775c9a29be9e262bc1a1701a7/
Threat name:
Win32.Trojan.Zmutzy
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 14:58:05 UTC
AV detection:
8 of 48 (16.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6zkgrnaqizsrtbxsjtm6vnetsv6ynauxoxe2fg7j4jrlygqxagtq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f65468b41046651986f24cd9eab493957d86829775c9a29be9e262bc1a1701a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip f65468b41046651986f24cd9eab493957d86829775c9a29be9e262bc1a1701a7

(this sample)

Loki

Executable exe bc5f291501126650ae296fb6ff820b3c6a34af20168cff8396d92029acb7ff24

  
Dropping
MD5 a9fe2d082fe382b7d2f13a593ea8b9ce
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 bc5f291501126650ae296fb6ff820b3c6a34af20168cff8396d92029acb7ff24

Comments