MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66ea8fac7f43257708ae64c55cb78f6d08e3b2467afc6c35eb89946680ec8377. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66ea8fac7f43257708ae64c55cb78f6d08e3b2467afc6c35eb89946680ec8377
SHA3-384 hash: da35fa0dbb604ca611cde4fd49f5f5b3e83ef850662ba2ba848b7e1d5b835c4aa56583eed9a5f66de65a387351d0b004
SHA1 hash: d06b4cec6dbb0306bc6634c490face7eda34238e
MD5 hash: 075cbb286addebef69282e3cfbfd9355
humanhash: september-autumn-saturn-arizona
File name:075cbb286addebef69282e3cfbfd9355.exe
Download: download sample
Signature Loki
Create hunting rule
File size:770'005 bytes
First seen:2021-08-27 08:26:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:QIQr/XGlccuy5uu+ti3vZhfbkJIjqAzvXe:Ir/XGlz87iTbkYJu
TLSH T198F45D3D29FD2237D1B9C795CBE09827F554A8AF3110ADA468D383AA4356E4275C323F
Reporter abuse_ch
Tags:exe Loki

Intelligence

File Origin
# of uploads :
1
# of downloads :
166
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
075cbb286addebef69282e3cfbfd9355.exe
Verdict:
No threats detected
Analysis date:
2021-08-27 08:29:12 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5f4d1714-585a-4fd2-aa78-5512e84d8dd5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/182857/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.1011.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d9c578e2-2e04-4a5d-99a6-b224885ae3a6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/840316
Signature
.NET source code contains potential unpacker
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66ea8fac7f43257708ae64c55cb78f6d08e3b2467afc6c35eb89946680ec8377/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2021-08-27 08:27:07 UTC
AV detection:
9 of 44 (20.45%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m3vi7ld7imsxocfomtcvzn4pnueohmsgpl6gynplrgkgnahmqn3q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210827-eswn9yg2se/
Unpacked files
SH256 hash:
66ea8fac7f43257708ae64c55cb78f6d08e3b2467afc6c35eb89946680ec8377
MD5 hash:
075cbb286addebef69282e3cfbfd9355
SHA1 hash:
d06b4cec6dbb0306bc6634c490face7eda34238e
Link:
https://www.unpac.me/results/28a8d354-0a30-4808-aaa7-cb647f91385e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/66ea8fac7f43257708ae64c55cb78f6d08e3b2467afc6c35eb89946680ec8377

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Loki

Executable exe 66ea8fac7f43257708ae64c55cb78f6d08e3b2467afc6c35eb89946680ec8377

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/182857/
  
URLhaus
https://urlhaus.abuse.ch/url/1529990/
  
Delivery method
Distributed via web download

Comments