MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8395b33854151f5afde42933b6938da61f4bd6abc1fd27185d97ea9662b394bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8395b33854151f5afde42933b6938da61f4bd6abc1fd27185d97ea9662b394bf
SHA3-384 hash: 18d235a4c6a9d133d76192a575fee4dedb50f625f5c07255a0cbadafbb44da546d824e8fc356cce25ea61a9399715b11
SHA1 hash: 7e1dfc6b572c502a97ed4e2c5da91093a7b7e954
MD5 hash: 5d0d024f003dd165ae51a631be26f13e
humanhash: network-august-colorado-four
File name: SHIA 04-07-2020 Air Waybill-Receipt no AWB 1382297265 INDONESIA Need PIB documentations-pdf.gz
Signature: Loki
File size: 191'497 bytes
First seen: 2020-07-04 07:13:28 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:6ISgoc9cAWef5dGlswNMKUBwhf8KpYzDzI8w3mckCH+pzaOfbIMkEbXT17Esgdyw:6kocmAWehdKqBwhftpbkJzjIqXp7EsgJ
TLSH: 6A1412A6BEC473B931CB2DF4605E485129E4E1C984032BF439796472681163CBAFB37A
Reporter: abuse_ch
Tags: DHL gz Loki


abuse_ch
Malspam distributing Loki:

HELO: webs10rdns3.websouls.net
Sending IP: 95.217.71.13
From: DHL EXPRESS <osl.imports@olympiaindustries.com.pk>
Subject: DHL E-Shipping Notification Notice- AWB 1382297265
Attachment: SHIA 04-07-2020 Air Waybill-Receipt no AWB 1382297265 INDONESIA Need PIB documentations-pdf.gz (contains "SHIA 04-07-2020 Air Waybill-Receipt no AWB 1382297265 INDONESIA Need PIB documentations-pdf.exe")

Loki C2:
http://mygreencity.in/scripts/Panel/five/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-04 07:15:05 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz 8395b33854151f5afde42933b6938da61f4bd6abc1fd27185d97ea9662b394bf (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
