MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 abda605b8b142dc4bd7fef0d2ec2325cdc8efd23bf55dfe5b4b342eb0a046abc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3



SHA256 hash: abda605b8b142dc4bd7fef0d2ec2325cdc8efd23bf55dfe5b4b342eb0a046abc
SHA3-384 hash: dbb4cd4321c90acd8c2015cf9c0ae81d93cae205369239185dbeea0f611b7014d8d5c7077a9855d3dd5a1485a9c0a30d
SHA1 hash: df23a26372c80d8712329a1a8b5bf7e8d1f78a18
MD5 hash: 7094def48f3ba910f3378de1b9b18af7
humanhash: eighteen-ohio-helium-lamp
File name: PO 201022-041A.cab
Signature: Loki
File size: 555'279 bytes
First seen: 2020-10-22 07:49:17 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 12288:v4OV0YNS3yDwEW+ynvoDAUGB2fW0cWkP9PDPTjBcBnb1uFhBHMiSM:wOc3yDwX+uOGB2frcJ9PjBcnx4HYM
TLSH: D6C4231AB0A4BA3B87515461A46CD962B39F11DDE6D8CBB0BC28D523C632D48B4C7DEC
Reporter: abuse_ch
Tags: cab geo KOR Loki


abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm53.hanmail.net
Sending IP: REDACTED_DOMAIN [203.133.181.11]
From: 구매부 김승준 과장 <yhh5224@hanmail.net>
Subject: RE: 견적요청드립니다.
Attachment: PO 201022-041A.cab (contains "PO 201022-041A.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/heliopoliss.com/http/79.124.8.8/kiriko/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 73
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Ransomware.TeslaCrypt
Status: Malicious
First seen: 2020-10-22 03:57:30 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki, cab abda605b8b142dc4bd7fef0d2ec2325cdc8efd23bf55dfe5b4b342eb0a046abc (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments