MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88363435d7869c901332742d32e19915a697bd13ea24ef93acd047a9e356a852. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 5



SHA256 hash: 88363435d7869c901332742d32e19915a697bd13ea24ef93acd047a9e356a852
SHA3-384 hash: cd2fa2c363103fa20a0a8a64c9c8938c643c2b7e6713b0ca299d7b699f7a4709546f1644fcae760376ea91ea4feaba8a
SHA1 hash: a43fda5ce723efbb1925167141d5a41246ce9009
MD5 hash: c9b872e8885370acec877937024947c1
humanhash: twelve-coffee-crazy-texas
File name: PO No. 104393019_pdf.gz
Signature: Loki
File size: 298'759 bytes
First seen: 2021-02-23 07:24:27 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:DDvv8thigxe1/NCZeqq63WBOjWnQGGC2z:Dzv8SWeuZHqxBeWnzGC+
TLSH: CB542331B16D093AD2CA54DC670F9DBE68A116F4BCCDCA872C68722478DBC66D5CA43C
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.leisurepr.co.uk
Sending IP: 78.137.122.87
From: Bahr Muhammad <info@albahralarabi.com>
Subject: URGENT PURCHASE ORDER No. 959309292
Attachment: PO No. 104393019_pdf.gz (contains "PO No. 104393019_pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 110
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-02-23 05:49:49 UTC
AV detection: 11 of 47 (23.40%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 88363435d7869c901332742d32e19915a697bd13ea24ef93acd047a9e356a852
(this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
