MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd2cee8eaf6ac4bc4a579525a4ffcca226359d6b48768eb7f9977ce09f4bfda3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd2cee8eaf6ac4bc4a579525a4ffcca226359d6b48768eb7f9977ce09f4bfda3
SHA3-384 hash: 9eced079c2cf970dcfe6c0ba754333c5ee618ae3cc956d039bda53c7f9bd1f0085b4189bedbd64d55de9696dc20ddd5d
SHA1 hash: 67d99baff4fff6da5330e3e6823f7df07339ad64
MD5 hash: db697b93d3ba4a3efaa3881cc1c6674b
humanhash: eighteen-neptune-twelve-leopard
File name:Document 11QNC9owNMiWc65sa.rar
Download: download sample
Signature Loki
Create hunting rule
File size:324'655 bytes
First seen:2020-10-28 06:59:08 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:pYAHJC6vctUha4vt3bNdf2soBh7ZTI0HxFuJN4271LHAlDEkBvLTtHR0n/+w:pRpZSQnr2soBjR/2FeokdfcGw
TLSH FB64239908ED3CD1921EB9F3F7997EED0B70E671F21AA980720411AF40AF65EF360164
Reporter abuse_ch
Tags:DHL Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: server.filmworld.tv
Sending IP: 70.32.31.17
From: DHL Express <dhlSender@dhl.com>
Reply-To: DHL Express <pkd.lycheu@gmail.com>, dhlSender@dhl.com
Subject: RE:DHL Goods Arrest on Order
Attachment: Document 11QNC9owNMiWc65sa.rar (contains "QNC9owNMiWc65sa.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cd2cee8eaf6ac4bc4a579525a4ffcca226359d6b48768eb7f9977ce09f4bfda3/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-27 22:36:48 UTC
AV detection:
15 of 29 (51.72%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=zuwo5dvpnlclyssxsus2j76muitdlhlljb3i5n7zs56obh2l7wrq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/cd2cee8eaf6ac4bc4a579525a4ffcca226359d6b48768eb7f9977ce09f4bfda3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar cd2cee8eaf6ac4bc4a579525a4ffcca226359d6b48768eb7f9977ce09f4bfda3

(this sample)

Loki

Executable exe eb4b5cd679b4e26004fda3b0806da5293e107d3e41495f9d8b1ae9ff6758331b

  
Dropping
MD5 4ac6512f7f2ffc61985b4da65e457d2a
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 eb4b5cd679b4e26004fda3b0806da5293e107d3e41495f9d8b1ae9ff6758331b

Comments