MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94
SHA3-384 hash: b92104215f54cb2f60b3cb0207d361145ce09f5fc0036f7e4cce327da5a7273f14521d44b0603caa9eef64e684f79bdc
SHA1 hash: f688ef67d5b015ad4649d9229d7bbb6132578f36
MD5 hash: c3df2066e76898f9dca6993b551d39ba
humanhash: social-paris-mobile-comet
File name: PHOTOS.cab
Signature: Loki
File size: 176'917 bytes
First seen: 2020-06-30 13:09:23 UTC
Last seen: 2020-06-30 13:09:37 UTC
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:QZFiCy9XCpMSMjfX9GQ1u7nP1oOOKKpb9HWzfHZSicD4zFjDfQ/GwonFbeeebGc:86lCqj79GJ7/OJpbRWz874zFjDIZo9v6
TLSH: 61041283B215BEB7846F1DFAEE71ED1567F6A0B64F1C2E220856434954CD5E003ABE8C
Reporter: abuse_ch
Tags: cab, Loki


abuse_ch
Malspam distributing Loki:

HELO: damacgroup.com
Sending IP: 185.222.58.113
From: THOMAS <Liju.Thomas@damacgroup.com>
Subject: PHOTOS
Attachment: PHOTOS.cab (contains "PHOTOS.exe")

Loki C2:
http://siiigroup.com/blue/five/fre.php

Intelligence


File Origin
# of uploads: 2
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Backdoor.NanoCore
Status: Malicious
First seen: 2020-06-30 13:11:04 UTC
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments