MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbb2d9533207e5e95852450383a11e293cc43eb34cfa3112c2d91489a2591926. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: fbb2d9533207e5e95852450383a11e293cc43eb34cfa3112c2d91489a2591926
SHA3-384 hash: 2a2cd7757a4fd5314285c8d420886261bd46da8ef35dafd495730db5d447f0a1dcd15166e00cfcd01831bbf61ee13da8
SHA1 hash: 155f157cf1aac30e555eb2705e0c241669daf9d3
MD5 hash: 39d588f793699ecfdd2cd43d64349566
humanhash: wyoming-happy-timing-fanta
File name: Purchase order.zip
Download: download sample
Signature: Loki
File size: 218'621 bytes
First seen: 2020-06-30 13:06:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:PL4AVaOptc9XC1IfnUForpjvGB+ZaAI0nvFoG:PL4AsODc1CcnUFyjvGIZaAIoZ
TLSH: BA2412696C030E85D1F833A4FE9E1C1729A43FA765F807B15C264C4ED999838895FEB4
Reporter: @abuse_ch
Tags: Loki zip


Twitter
@abuse_ch
Malspam distributing Loki:

HELO: sme15.small-dns.com
Sending IP: 183.81.162.123
From: azhar.haron@slwholding.com.my
Subject: Purchase order
Attachment: Purchase order.zip (contains "Purchase order.exe")

Loki C2:
http://slimfile.cf/Slim/fre.php

Intelligence


Mail intelligence:
  Trap location: Global
  Impact: Low
  # of uploads: 1
  # of downloads: 30
  Origin country: FR
ClamAV:
  SecuriteInfo.com.Generic-EXE.UNOFFICIAL
  Sanesecurity.Malware.21422.ZipHeur.UNOFFICIAL
CERT.PL MWDB:
  Detection: n/a
  Link: https://mwdb.cert.pl/sample/fbb2d9533207e5e95852450383a11e293cc43eb34cfa3112c2d91489a2591926/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 13:08:06 UTC
  AV detection: 14 of 48 (29.17%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: No data

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  zip fbb2d9533207e5e95852450383a11e293cc43eb34cfa3112c2d91489a2591926 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments