MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60d73d0553a5a574fb60e3af376f185aeba75af043582b924db9011dffb038cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 60d73d0553a5a574fb60e3af376f185aeba75af043582b924db9011dffb038cb
SHA3-384 hash: 2f114f588816dff32328d9d89c279cbd68b629a1f2b0d006dcf50143948a7d9598cf9105289ba0a3a9d6520c8867579c
SHA1 hash: b68d9c198d79ba7d35926c27d06b6bbbc569c8f9
MD5 hash: 9073f4068a86e39df7a7b1aab6986654
humanhash: oscar-sodium-fillet-glucose
File name: goodluck.cab
Signature: Loki
File size: 139'405 bytes
First seen: 2020-07-13 06:39:19 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:jEwz3dsc9e29k5MHi6yBmA6XyzsHbtj025:sc9f9zi6YQZgi
TLSH: 7AD312B8E2B6ADC1C2D37FD96C53D758D12DC222005D9E3896CC8CA62F84E235837A5D
Reporter: abuse_ch
Tags: cab geo KOR Loki


abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm80.hanmail.net
Sending IP: 211.231.106.155
From: 에드가인터내셔날 <mhee20@hanmail.net>
Subject: 긴급 견적의뢰 (Korean: "Urgent quotation request")
Attachment: goodluck.cab (contains "goodluck.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/chongelctricals.com/http/79.124.8.8/goodluck/Panel/fre.php

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-07-13 06:41:04 UTC
AV detection: 6 of 48 (12.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
cab 60d73d0553a5a574fb60e3af376f185aeba75af043582b924db9011dffb038cb (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
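
The reporter's note above says the attachment goodluck.cab carries goodluck.exe; listing a cabinet's directory without extracting anything is the usual first triage step for such an attachment. The following is an added example, not MalwareBazaar's or abuse.ch's code: a minimal MS-CAB directory parser that flags executable members and reports the SHA256 of the container. The cabinet it runs on is constructed inline by build_sample_cab() (single folder, uncompressed) and is not the real sample; the function names and the extension list are my own assumptions.

```python
"""Added example: walk a Microsoft Cabinet (.cab) directory without extracting
anything and flag executable members, the triage step that shows an attachment
such as goodluck.cab carrying goodluck.exe. Not MalwareBazaar code; the cabinet
built by build_sample_cab() is a constructed fixture, not the real sample."""
from __future__ import annotations
import hashlib
import struct

# MS-CAB fixed structures (little-endian). CFHEADER: signature, reserved1,
# cbCabinet, reserved2, coffFiles, reserved3, versionMinor, versionMajor,
# cFolders, cFiles, flags, setID, iCabinet.
CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")
CFFOLDER = struct.Struct("<IHH")         # coffCabStart, cCFData, typeCompress
CFFILE_FIXED = struct.Struct("<IIHHHH")  # cbFile, uoffFolderStart, iFolder, date, time, attribs
CFDATA = struct.Struct("<IHH")           # csum, cbData, cbUncomp
FOLDER_CONTINUATION = 0xFFFD             # iFolder >= this means the file spans cabinets
# Assumed list of extensions worth flagging in a mail attachment (my choice).
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com", ".pif", ".js", ".vbs", ".bat", ".cmd")


def parse_cab_directory(data: bytes) -> list[dict]:
    """Return one dict per CFFILE entry. Raises ValueError on malformed input.

    coffFiles is an absolute offset, so an optional header reserve area
    (flags & 0x0004) and prev/next cabinet strings need no special handling here.
    """
    if len(data) < CFHEADER.size:
        raise ValueError("too short for a CFHEADER")
    (sig, _r1, cb_cabinet, _r2, coff_files, _r3, v_minor, v_major,
     c_folders, c_files, _flags, _set_id, _i_cabinet) = CFHEADER.unpack_from(data, 0)
    if sig != b"MSCF":
        raise ValueError("not a cabinet: bad signature")
    if (v_major, v_minor) != (1, 3):
        raise ValueError(f"unsupported cabinet version {v_major}.{v_minor}")
    if cb_cabinet > len(data):
        raise ValueError("cbCabinet exceeds the bytes available (truncated?)")
    if coff_files >= len(data):
        raise ValueError("coffFiles points past end of data")
    entries, off = [], coff_files
    for _ in range(c_files):
        if off + CFFILE_FIXED.size > len(data):
            raise ValueError("truncated CFFILE")
        cb_file, uoff, i_folder, _date, _time, attribs = CFFILE_FIXED.unpack_from(data, off)
        off += CFFILE_FIXED.size
        end = data.find(b"\x00", off)          # szName is NUL-terminated
        if end < 0:
            raise ValueError("unterminated szName")
        name = data[off:end].decode("utf-8", errors="replace")
        off = end + 1
        if i_folder < FOLDER_CONTINUATION and i_folder >= c_folders:
            raise ValueError(f"{name}: iFolder {i_folder} out of range")
        entries.append({"name": name, "size": cb_file, "folder": i_folder,
                        "folder_offset": uoff, "attribs": attribs})
    return entries


def suspicious_members(entries: list[dict]) -> list[str]:
    """Names of members a mail gateway or analyst should treat as executable."""
    return [e["name"] for e in entries if e["name"].lower().endswith(EXECUTABLE_SUFFIXES)]


def triage(data: bytes) -> dict:
    """Summary an analyst would log: container hash, member list, executable members."""
    entries = parse_cab_directory(data)
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "members": [e["name"] for e in entries],
            "executables": suspicious_members(entries)}


def build_sample_cab(members: dict[str, bytes]) -> bytes:
    """Constructed fixture: a valid single-folder, uncompressed (typeCompress 0)
    cabinet holding `members`. Exists only so the example runs offline."""
    payload = b"".join(members.values())
    files, uoff = b"", 0
    for name, body in members.items():
        files += CFFILE_FIXED.pack(len(body), uoff, 0, 0, 0, 0x20) + name.encode() + b"\x00"
        uoff += len(body)
    coff_files = CFHEADER.size + CFFOLDER.size
    coff_data = coff_files + len(files)
    data_block = CFDATA.pack(0, len(payload), len(payload)) + payload  # csum 0 = unchecked
    folder = CFFOLDER.pack(coff_data, 1, 0)
    total = coff_data + len(data_block)
    header = CFHEADER.pack(b"MSCF", 0, total, 0, coff_files, 0, 3, 1, 1, len(members), 0, 0, 0)
    return header + folder + files + data_block


# Constructed stand-in for the attachment: a fake PE stub named like the real dropper.
SAMPLE_CAB = build_sample_cab({"goodluck.exe": b"MZ" + b"\x00" * 62, "readme.txt": b"hello"})

if __name__ == "__main__":
    print(triage(SAMPLE_CAB))
```

Running triage() on a real attachment lists its members before anything is expanded, which is the point: the executable name inside the container is visible from the directory alone, and a truncated or mislabeled file (wrong signature, cbCabinet larger than the bytes received) is rejected instead of being parsed past its end.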

Comments