MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e7088a2fcfc78b843e28efd33ce44c5a232df7f7e6d6b1df881a17d2a13358d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e7088a2fcfc78b843e28efd33ce44c5a232df7f7e6d6b1df881a17d2a13358d
SHA3-384 hash: 67b5290854b694018b181027c4d9e090dc75f59334f833f76848ddd60a2b41d2f62e13aa8447fa542c7c93b432c31b22
SHA1 hash: 134f3fc2c8752697961967af72433f96f1e219f8
MD5 hash: a05ed105a9c1ea88d01de7f3a159a4a5
humanhash: white-pennsylvania-golf-ceiling
File name:List.cab
Download: download sample
Signature Loki
Create hunting rule
File size:391'433 bytes
First seen:2020-08-03 12:11:25 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:K6REgfACNQIOVdSk3/y2bqw8K7DIL0+Z9EJu/VWAlnKf50ChJKF0ptB2FwtAgsLr:ZugHQdVZ/y2bUT4mMAIR0CeFODscDUn7
TLSH 888423D68FCF0A49090836385736B68B431CEEE15362DE5643CAE4E0D55B7EAC62953C
Reporter abuse_ch
Tags:cab geo KOR Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm41.hanmail.net
Sending IP: 203.133.180.229
From: 이규철 <skyin1248@hanmail.net>
Subject: 견적
Attachment: List.cab (contains "List.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/krockabread.com/http/79.124.8.8/okoro/Panel/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.8763.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e7088a2fcfc78b843e28efd33ce44c5a232df7f7e6d6b1df881a17d2a13358d/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-03 12:13:04 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nzyirix47r4lqq7cr36thtseywrdfx37pzwwwhpyqgqx2kqtgwgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6e7088a2fcfc78b843e28efd33ce44c5a232df7f7e6d6b1df881a17d2a13358d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab 6e7088a2fcfc78b843e28efd33ce44c5a232df7f7e6d6b1df881a17d2a13358d

(this sample)

Loki

Executable exe 1b3b81cd526d60f60fa1c193ba72438ec0f1c4059d5d7f195059d1aacfb453e3

  
Dropping
MD5 10f383c2ba29b3e794715fdc0d14d1fa
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 1b3b81cd526d60f60fa1c193ba72438ec0f1c4059d5d7f195059d1aacfb453e3

Comments