MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e225b6ddd88de077002f2015bd9c1dca168e3a5cc0cdeade15a511e00d97ebf5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: e225b6ddd88de077002f2015bd9c1dca168e3a5cc0cdeade15a511e00d97ebf5
SHA3-384 hash: c9f43863263329d8804da30bb126b62ddebd35f75f7dba23e42590302959ed6d338d7d92336c5a8d9928098cfb38d2c0
SHA1 hash: 235678f3be0c8f7746831945ca6cb0374529d7e7
MD5 hash: c2946c1c7bf0d381117e99b8b185b165
humanhash: jupiter-vermont-sink-sierra
File name: New-PO-65567768097-Order-Specfication-2020-Project,xlxs.z
Signature: Loki
File size: 204'871 bytes
First seen: 2020-07-16 06:27:38 UTC
Last seen: Never
File type: z
MIME type: application/x-rar
ssdeep: 6144:09r4hc1sxZPMndXP0lNMnsRg4tVDaXKey6Sz:2acCxOndXP0lEsR7TDJezY
TLSH: 461422B98270BE41D1EA5248D87E7732B35316CF3D8F1AE4E59CC1A18C976D226C5E13
Reporter: abuse_ch
Tags: Loki, z


abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm84.hanmail.net
Sending IP: 211.231.106.159
From: 이름모를남자 <lomany@hanmail.net>
Subject: New Purchase Order -June-Order-Sample& Company-Specifications
Attachment: New-PO-65567768097-Order-Specfication-2020-Project,xlxs.z (contains "New-PO-65567768097-Order-Specfication-2020-Project,xlxs.exe")

Loki C2:
http://emirate-net.me/phazzyitalian/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 06:29:06 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

z e225b6ddd88de077002f2015bd9c1dca168e3a5cc0cdeade15a511e00d97ebf5 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments