MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cead86db7eacf1c5402cb4a85b88c0b7276c524deda2ced5cd3049624cae82d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cead86db7eacf1c5402cb4a85b88c0b7276c524deda2ced5cd3049624cae82d4
SHA3-384 hash: 86f0edd62bacc09a443445ef9429fb2a9c9cfedc34298da76d9686d0be6b6583c0468a723e47b664c5f29288348968ec
SHA1 hash: 702928b53de15fd1b8a6283d1f19b394aa005e04
MD5 hash: 2d32f606f31cdb286cbad29847e3c8c9
humanhash: table-steak-ack-illinois
File name:AMG-017-PR-2020.iso
Download: download sample
Signature Loki
Create hunting rule
File size:387'072 bytes
First seen:2020-07-01 11:12:32 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:Hn1XbvNPC7KUvAjXAYAabyAI4AeLa8xThl+uslX1JbR0w8KhNezxfR4dKr8:HhN2VlX1JbR0wbyVxr8
TLSH AF844BC072BA4B56EAB657F74A32680047F6B87A613EC3595DCB60DB87A1F100F91B13
Reporter abuse_ch
Tags:iso Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ntgroup.pt
Sending IP: 37.49.230.253
From: Rui Gonçalves <rui.goncalves@ntgroup.pt>
Subject: Inquiry_AOS Neptune_028E
Attachment: AMG-017-PR-2020.iso (contains "AMG-017-PR-2020.exe")

Loki C2:
http://ukhereweare.tk/test/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.WQF.12119.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cead86db7eacf1c5402cb4a85b88c0b7276c524deda2ced5cd3049624cae82d4/
Threat name:
ByteCode-MSIL.Trojan.Skeeyah
Create hunting rule
Status:
Malicious
First seen:
2020-07-01 11:14:07 UTC
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=z2wynw36vty4kqbmwsufxcgaw4twyusn5wrm5vongbewetfoqlka._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

iso cead86db7eacf1c5402cb4a85b88c0b7276c524deda2ced5cd3049624cae82d4

(this sample)

Loki

Executable exe 502832fecda933aed981721b1663dcaf1c2c2a2ba727a42175f7591d30f7c1b5

  
Dropping
MD5 2dac6dd092f9c40b67f34a92c219c396
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 502832fecda933aed981721b1663dcaf1c2c2a2ba727a42175f7591d30f7c1b5

Comments