MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dbc96d2455f29699b04c8aa6881659186ecc7c35109e927272f69d5773f7f15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash:   3dbc96d2455f29699b04c8aa6881659186ecc7c35109e927272f69d5773f7f15
SHA3-384 hash: f67c9ccc6f2ac3db068d1bc95204d15166af03e315b15cf54b0b912646e1522981acf7b7b47970e3eb5ab593e6c743c1
SHA1 hash:     0e3c0727a773383851836b0ce5a0133a1954940e
MD5 hash:      1e2bc841a77358073a89f0f9c933829c
humanhash:     november-timing-wisconsin-music
File name:     Swift Copy .cab
Signature:     n/a
File size:     172'298 bytes
First seen:    2020-06-30 12:45:03 UTC
Last seen:     Never
File type:     cab
MIME type:     application/vnd.ms-cab-compressed
ssdeep:        3072:PjyCPodl0qLQmf8ddiMMVN/WNuodps6aZs:mCgPXXfwcMMVN/WoL5s
TLSH:          2AF312A0B2BE247D1166495F0C1B5A7AE73BF1CDCB38FF242A476D76A80C9109058DBC
Reporter:      @abuse_ch
Tags:          cab, Loki


Twitter (@abuse_ch):
Malspam distributing Loki:

HELO: beckwoodpress.com
Sending IP: 45.137.22.81
From: sinman@beckwoodpress.com
Subject: Payment Confirmation Advice
Attachment: Swift Copy .cab (contains "Swift Copy .exe")

Loki C2:
http://siiigroup.com/gst/five/fre.php

Intelligence


Mail intelligence
Trap location     Impact
Global            High
CH Switzerland    Low

# of uploads:     1
# of downloads:   26
Origin country:   US

ClamAV:           SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB:     Detection: n/a
                  Link: https://mwdb.cert.pl/sample/3dbc96d2455f29699b04c8aa6881659186ecc7c35109e927272f69d5773f7f15/
ReversingLabs:    Status: Malicious
                  Threat name: ByteCode-MSIL.Trojan.Kryptik
                  First seen: 2020-06-30 12:46:09 UTC
                  AV detection: 9 of 48 (18.75%)
                  Threat level: 5/5
Spamhaus Hash Blocklist: Suspicious file
VirusTotal:       4.92%

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam:          cab 3dbc96d2455f29699b04c8aa6881659186ecc7c35109e927272f69d5773f7f15 (this sample)
Dropping:         Loki
Delivery method:  Distributed via e-mail attachment
