MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86380292c7cd18d0b949cd194a1742a0d7ff63475d20f292459374bcc671ad5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 86380292c7cd18d0b949cd194a1742a0d7ff63475d20f292459374bcc671ad5e
SHA3-384 hash: dc6ad12160bd4802e620344259be5fdf50cd4e8289714cc8c3ffcde1412b037ecbbdf36a11257ec6fc7af7a825778919
SHA1 hash: d8834d84f371e9ab280eab774cc83b423e40dbd1
MD5 hash: 307d29573421e898a94f40ccb45712d0
humanhash: vermont-nine-bakerloo-harry
File name: PO 200818-01B.cab
Signature: Loki
File size: 242'132 bytes
First seen: 2020-08-18 12:47:12 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:pL6ZnGAGO4se/+B90u07OLJpf9/zq47ds+d+bIOT3:pL6NGoa/VJ76re4DYUOT3
TLSH: 4634133220025CDE83D577BB4EA70895275D4E56720CF013D08235AE4BF8EABE66F56E
Reporter: abuse_ch
Tags: cab CHN geo Loki


abuse_ch
Malspam distributing unidentified malware:

HELO: mail-smail-vm49.hanmail.net
Sending IP: 203.133.180.237
From: 구매부 김승준 과장 <lkj02250000@daum.net> (English: "Purchasing Department, Manager Kim Seung-jun")
Subject: 견적 요청 (English: "Request for quotation")
Attachment: PO 200818-01B.cab (contains "PO 200818-O1B.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.CryptInject
Status: Malicious
First seen: 2020-08-18 12:49:05 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab 86380292c7cd18d0b949cd194a1742a0d7ff63475d20f292459374bcc671ad5e

(this sample)

  
Delivery method: Distributed via e-mail attachment
