MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 312e64000e20d2e2bea671531547ae46d914fd0c050d3d0fdfb57b57affb43a1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 312e64000e20d2e2bea671531547ae46d914fd0c050d3d0fdfb57b57affb43a1
SHA3-384 hash: 6abd9168b8692a712f41f9e7a59dc8238013ffdc1814547ddc9de87b09a897c4f6042cb8f1d06d9d07e825246e46acef
SHA1 hash: 202501d497fb71d4b1c2bad14ee43a99c2ecda99
MD5 hash: 6550b92997f67555117779e4a3864144
humanhash: ink-magnesium-apart-virginia
File name: IMG_2020.24.06-965869708.img
Signature: Loki
File size: 1'245'184 bytes
First seen: 2020-06-24 05:26:29 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 6144:ZLAk/hdCseMXeslTXoEO0FK64hO0GuE/dnkFVaw:ZLAbMXeep7E64o0InKh
TLSH: 7545C0073B9CB513C5B90AF994C22B4453B669AA7252F6D97CCC21E52BD3BE648313C3
Reporter: abuse_ch
Tags: img, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.amdigital.ro
Sending IP: 176.126.172.55
From: noreply@dhl.com
Subject: DHL EXPRESS DELIVERY - URGENT NOTICE- //AWB 802943863549
Attachment: IMG_2020.24.06-965869708.img (contains "BgvdRKWHIZyOtLa.exe")

Loki C2:
http://zoldpasszus.hu/logs/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-06-24 05:28:05 UTC
AV detection: 16 of 31 (51.61%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

img 312e64000e20d2e2bea671531547ae46d914fd0c050d3d0fdfb57b57affb43a1 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
