MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 671de42c6dd4933724b1ef3373a368d7c34e7e71e536527dc680ee49a8071b55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 671de42c6dd4933724b1ef3373a368d7c34e7e71e536527dc680ee49a8071b55
SHA3-384 hash: 882cf694a8645ff3e587278ae6007335c45fe44d7284abdc4e559b5bf016d291a2907609468e441bc79de083a1d47cb0
SHA1 hash: cc99fa50eceb1722321b1a0f9369671a8521a559
MD5 hash: ea35e6fec260ffbd6b3345c953e93607
humanhash: pip-chicken-low-ack
File name:PO 3620117688.cab
Download: download sample
Signature Loki
Create hunting rule
File size:259'580 bytes
First seen:2020-07-21 07:35:18 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:Q9eOHDr9NplawoxS2QmcKU56Xd4L3raPLqUc1HrpXaR32:3GNpIwO62lyUoHrpqRG
TLSH 904423D6DA8B72401285B33E1455C771ECDF557E8A4229CA34C3A915CAEB48372CE39F
Reporter abuse_ch
Tags:cab Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail0.723.gillonuminno.ml
Sending IP: 68.183.187.26
From: PETRONAS Group Supply Chain Managem <ict_servicedesk@petronas.com.my>
Subject: PETRONAS Group Purchase Order (PO) was changed
Attachment: PO 3620117688.cab (contains "PO 3620117688.exe")

Loki C2:
http://duclongetc.com/el/need/work/Panel/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
63
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/671de42c6dd4933724b1ef3373a368d7c34e7e71e536527dc680ee49a8071b55/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-07-21 07:37:09 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=m4o6ildn2sjtojfr54zxhi3i27bu47tr4u3fe7ogqdxetkahdnkq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.87
Link:
https://yomi.yoroi.company/submissions/671de42c6dd4933724b1ef3373a368d7c34e7e71e536527dc680ee49a8071b55

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab 671de42c6dd4933724b1ef3373a368d7c34e7e71e536527dc680ee49a8071b55

(this sample)

Loki

Executable exe ad1f1c90eb74cc3dfe19362f5247e654896464568647271848734394c9338a5e

  
Dropping
MD5 09a382d722a381a4357909442cb3941e
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 ad1f1c90eb74cc3dfe19362f5247e654896464568647271848734394c9338a5e

Comments