MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 937b12b60f43c5df0b58f424916ca79a785020a47ac21b6dfd45647c6cd4631e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 937b12b60f43c5df0b58f424916ca79a785020a47ac21b6dfd45647c6cd4631e
SHA3-384 hash: c55c1b659d37f8b782a3c10beddd1a00ac011e0ce5c450f7da10d85f40a4ada50b818ddff58330bd43bc61bacf62343f
SHA1 hash: 0ac39a0923988d07c0bb623792107b1cb6e8d451
MD5 hash: b60e7449dafc8584b653e6b8f7d3651c
humanhash: bravo-fifteen-illinois-ink
File name:PURCHASE INQUIRY2.rar
Download: download sample
Signature Loki
Create hunting rule
File size:515'545 bytes
First seen:2020-10-23 06:54:08 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 12288:Qwtev0xS6uKgEhEk8OmXVzQt8N0XttxAtBz6wij2XzFZ8h6kmpoX:uMxS8gEhdhm2KAttxALgAZZzkmWX
TLSH 55B42355B1C668FE1D34911BFBE8204F6CF4D61A1FCB490ED90A21B1ADBC1C8917A36B
Reporter abuse_ch
Tags:Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: yandex.com
Sending IP: 103.99.1.130
From: FAISAL ALARABI <Hitech16006@yandex.com>
Reply-To: FAISAL <Hitech16006@yandex.com>
Subject: New Inquiry Al mousa Group LLC
Attachment: PURCHASE INQUIRY2.rar (contains "PURCHASE INQUIRY2.exe")

Loki C2:
http://ytho.com.vn/.com/need/work/Panel/five/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/937b12b60f43c5df0b58f424916ca79a785020a47ac21b6dfd45647c6cd4631e/
Threat name:
Win32.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-23 05:40:38 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=sn5rfnqpipc56c2y6qsjc3fhtj4faifeplbbw3p5ivshy3gummpa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 937b12b60f43c5df0b58f424916ca79a785020a47ac21b6dfd45647c6cd4631e

(this sample)

Loki

Executable exe b7adf1bb5628fd6ec0905e0d3f32c20c39f401ce845f73e15ce867aca4a531fd

  
Dropping
MD5 421b4f950494c1961cdcf75987c02818
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 b7adf1bb5628fd6ec0905e0d3f32c20c39f401ce845f73e15ce867aca4a531fd

Comments