MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf942be9a612f55ecf7f64babb54462c89e399741e26e444f7d9ff735b5a7c24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf942be9a612f55ecf7f64babb54462c89e399741e26e444f7d9ff735b5a7c24
SHA3-384 hash: 7d615dfc7450ff83071ed839a73af0e1fd06a001daa47a520ad4f8a4d3e54431095805b7714a0dba689555a145d2077d
SHA1 hash: 267eba0e898ad5e56d0b2624c3a07e53dcff2dd6
MD5 hash: 9e265a081ee34f9e8347a65473169ebf
humanhash: winner-venus-carbon-xray
File name:P20-01922 Order 1.iso
Download: download sample
Signature Loki
Create hunting rule
File size:794'624 bytes
First seen:2020-10-06 17:55:31 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 12288:h3Xhr7IvxT2P/jnZUXULjqZEMm/s5ZQY2Cqd9QnKmEPUO/FftXnGIBfUPkVHs:h3xQvxT2PrZU/ZETs5
TLSH 06F43AAD3260B2DFC867C872D9682C64EB507477431BD243A42B15ADEE4E89BDF141F2
Reporter abuse_ch
Tags:iso Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: vps100a.vservers.es
Sending IP: 5.175.42.48
From: Joe Becknell <jbeckneil@ahaus.com>
Subject: P20-01922 Order # 1
Attachment: P20-01922 Order 1.iso (contains "P20-01922 Order # 1.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
109
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf942be9a612f55ecf7f64babb54462c89e399741e26e444f7d9ff735b5a7c24/
Threat name:
ByteCode-MSIL.Infostealer.Stelega
Create hunting rule
Status:
Malicious
First seen:
2020-10-06 14:12:32 UTC
AV detection:
20 of 48 (41.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6kcx2ngcl2v5t37ms5lwvcgfse6hgludytoirhx3h7xgw22pqsa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bf942be9a612f55ecf7f64babb54462c89e399741e26e444f7d9ff735b5a7c24

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

iso bf942be9a612f55ecf7f64babb54462c89e399741e26e444f7d9ff735b5a7c24

(this sample)

Loki

Executable exe f4ab3855a20a3d4a65a1052d090f653e59bbdb4b4fb0766f0e77a87926c10b5a

  
Dropping
MD5 ce07e1c95d4b74a222f142c7400376b1
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 f4ab3855a20a3d4a65a1052d090f653e59bbdb4b4fb0766f0e77a87926c10b5a

Comments