MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a64c6e419a43f43b4a3498d0721fd7bf6424ec13f35b7f3c817dfb22b1200b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0a64c6e419a43f43b4a3498d0721fd7bf6424ec13f35b7f3c817dfb22b1200b7
SHA3-384 hash: 0f63bc899f07752f1ba9910afc1f967734b7977a7096188205037d2a7aec446febc91f90fbf5eac5bc6a71d87b638a09
SHA1 hash: 0c519fd0fd0f12a5fc87a1332c01da45d7061714
MD5 hash: 3fd0c15df6351396f4690c5adca24bd4
humanhash: mississippi-kitten-lake-eighteen
File name:DRAWINGS.rar
Download: download sample
Signature Loki
Create hunting rule
File size:483'570 bytes
First seen:2020-10-23 06:35:24 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:BKCoaUB3r14VCD5LW9h+viBHCNV+F0saRSSy7Eb:o1aUBp4VwLW9h+viCD89Sy7q
TLSH 3FA423210BB7628E4EE41A876B4DF9DE5FD88C829D413B6917403AD8348E553BC85F2F
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: software.urnetworkteam.com
Sending IP: 198.50.243.123
From: ilias@starlinedubai.com
Reply-To: Faisal <Hitech16006@yandex.com>
Subject: RE:Request for qoute / Purchase Order
Attachment: DRAWINGS.rar (contains "DRAWINGS.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0a64c6e419a43f43b4a3498d0721fd7bf6424ec13f35b7f3c817dfb22b1200b7/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-22 20:12:12 UTC
AV detection:
22 of 28 (78.57%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=bjsmnzazuq7uhnfdjggqoip5pp3eetwbh423p46ic7p3ekysac3q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 0a64c6e419a43f43b4a3498d0721fd7bf6424ec13f35b7f3c817dfb22b1200b7

(this sample)

Loki

Executable exe 693363580ad37f4eb5bf51a5c02aad346182e7e2ff03fe44d8ec88044c99e53b

  
Dropping
MD5 cb088c1d659979936d9d77d1e46a0b00
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 693363580ad37f4eb5bf51a5c02aad346182e7e2ff03fe44d8ec88044c99e53b

Comments