MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 976bfad2e9e48aa9e69157a5dcd33584a48a94478a2db47b1baed5f08801f110. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 976bfad2e9e48aa9e69157a5dcd33584a48a94478a2db47b1baed5f08801f110
SHA3-384 hash: 509361ef817b435c5ef3e25620f9048c3ab6525814508712c0388ac853e56c93789146cc9876ede934e6c279783c9b54
SHA1 hash: 80f695bcbad479f227f405de23556b0c63483bea
MD5 hash: c33dc23507dc6b932314a1daac4ac435
humanhash: wyoming-eight-muppet-wisconsin
File name: Quotation Items.zip
Signature: Loki
File size: 735'933 bytes
First seen: 2020-08-19 13:26:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:98NW8/P4jNbilT4gnDy4fBXiC2iEmd2LfdAQbTREpkfcBpg9yy/Ba71bZ5367a/g:9mWWuTOOOz9X+1A+TREpk0/g9po35QF9
TLSH: 61F433810DED098B2AB6ED556660D19451D3EB30444CCEF70EC886DE7A7F3862A93C2E
Reporter: abuse_ch
Tags: Hostwinds, Loki, zip


abuse_ch
Malspam distributing Loki:

HELO: hwsrv-758848.hostwindsdns.com
Sending IP: 104.168.198.93
From: Sales(Cindy) <info@laddath.com>
Subject: Re: Sales Quotation Items
Attachment: Quotation Items.zip (contains "reb.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Spyware.Agensla
Status: Malicious
First seen: 2020-08-19 05:59:01 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 976bfad2e9e48aa9e69157a5dcd33584a48a94478a2db47b1baed5f08801f110 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
