MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e471183a789ba28764f52bfa61dc3359ed78271ce9d67a5c67a0ac99dd3121c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 9e471183a789ba28764f52bfa61dc3359ed78271ce9d67a5c67a0ac99dd3121c
SHA3-384 hash: 93d99c4b50721a0b3f6a222dcb0cb8a34fd67ecd8f41d603383417b0e59bdff0cc0ea79d9a5ce5b31671a5510e1b30a9
SHA1 hash: aa4e54bec9795b971664b59acc738bdec0513127
MD5 hash: dde81e146768cda37dadcbf47e1bb4da
humanhash: winter-network-comet-enemy
File name: Remittance Advice-203948392022019.txt.gz
Signature: Loki
File size: 466'392 bytes
First seen: 2020-10-22 06:50:43 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 12288:KeAIbnxUlxjyLxB0Yz4/6iR81uB2L629z:Kabn2rV/j81uB2L6uz
TLSH: FFA423D26C8D123E7EE3146516745ACA7A7BE0F6207EB9AC1D92F14C39E118A076E028
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: uni-bremen.de
Sending IP: 83.149.106.6
From: Nemanja Parsa <nparsa@uni-bremen.de>
Subject: RE: Transfer Copy
Attachment: Remittance Advice-203948392022019.txt.gz (contains "Remittance Advice-#203948392022019.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-10-22 02:25:19 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 9e471183a789ba28764f52bfa61dc3359ed78271ce9d67a5c67a0ac99dd3121c (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments