MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9424af7f8627a8cd89caa9eb9fd6f0a8994f0e12df238931ea717b702e6d095. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 5

SHA256 hash: c9424af7f8627a8cd89caa9eb9fd6f0a8994f0e12df238931ea717b702e6d095
SHA3-384 hash: 77ebab7b4ea298d05c18737eb67df013fcd2cae8f1237356742b7985705d0b10499645e44c5f4f23c2316caaadcb0a55
SHA1 hash: c3b9025d9c7c53a0c77b1dae112c8a2a8430f892
MD5 hash: 762d086a6009efeb4372f5ddd9ca9e5a
humanhash: harry-fruit-leopard-red
File name: PDF.img
Signature: Loki
File size: 628'736 bytes
First seen: 2021-11-01 11:13:08 UTC
Last seen: Never
File type: img
MIME type: application/x-iso9660-image
ssdeep: 12288:+XaoPrbzqhcbzLa4NQDOYyTjTtmJzOHZ+vuJkyxnTBcvu:+Jrqhc/DuDJ+ssHguzTa
TLSH: T1E0D49D2C3B98B79ACAA91F7588230688A3F1D4433B32F35F65C855D82D21B16CB1F657
Reporter: cocaman
Tags: img


cocaman
Malicious email (T1566.001)
From: "Andrew Clay <support@omaralfarouq.com>" (likely spoofed)
Received: "from 31-24-230-87.plesk.page (unknown [31.24.230.87]) "
Date: "Mon, 1 Nov 2021 09:47:36 +0000"
Subject: "Payment Remittance Advice"
Attachment: "PDF.img"

Intelligence

File Origin
# of uploads: 1
# of downloads: 131
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated packed

Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-11-01 05:17:16 UTC
AV detection: 19 of 45 (42.22%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
img c9424af7f8627a8cd89caa9eb9fd6f0a8994f0e12df238931ea717b702e6d095 (this sample)

Delivery method: Distributed via e-mail attachment

Comments