MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca150b50595d92556a8dbe3c0967355fd8309ae4be075e2d8efa53bd729467ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca150b50595d92556a8dbe3c0967355fd8309ae4be075e2d8efa53bd729467ff
SHA3-384 hash: 2f2bf65cd5eb1860f3fed300653f96e3be95fd97a72dab309e97f056ea2284e8dd0883c2e40c30a809a30169d5023de1
SHA1 hash: e945795a2f2dbd6ec0fb527fdca84a5208d72d86
MD5 hash: 20306571c7591d4c96e48ea58bcd6268
humanhash: five-idaho-helium-two
File name:REQUIREMENTS.cab
Download: download sample
Signature Loki
Create hunting rule
File size:330'081 bytes
First seen:2020-12-03 08:55:38 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 6144:uQvnE+IbXmaSjUvmir9j11QYjM/yLeWgIyk/DhiAtqZDOZgB2:uQvnXe9SjUvmu1pjrNqk/DbtqZDd2
TLSH 0C642374B5006648D935E58EA330D3A22DCB6A0EFF2760F26D164C6B015D7E60AFBD4E
Reporter abuse_ch
Tags:cab Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: tuchalsadikhairhai.club
Sending IP: 199.115.194.206
From: 김은주(KIM EUN JOO) <noreply@tuchalsadikhairhai.club>
Subject: CHEVRON, Jansz-Io FCS Project / RFQ-P-025 Insulation
Attachment: REQUIREMENTS.cab (contains "REQUIREMENTS.exe")

Loki C2:
http://45.134.225.18/plesk-site-preview/endustrigm.eu/http/45.134.225.18/tmoni/Panel/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Backdoor.MSIL.REMCOS.SM.12215.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca150b50595d92556a8dbe3c0967355fd8309ae4be075e2d8efa53bd729467ff/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-12-03 08:56:07 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zikqwuczlwjfk2unxy6aszzvl7mdbgxexydv4lmo7jj324uum77q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ca150b50595d92556a8dbe3c0967355fd8309ae4be075e2d8efa53bd729467ff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab ca150b50595d92556a8dbe3c0967355fd8309ae4be075e2d8efa53bd729467ff

(this sample)

Loki

Executable exe cfb1834c33817d2fb697bd75004827c5d888e6f62e5db56d2381014e58290821

  
Dropping
MD5 70109889c622058fd38e3b14965ca813
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 cfb1834c33817d2fb697bd75004827c5d888e6f62e5db56d2381014e58290821

Comments