MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d186dda99ac7115389fb06de7046f9074ee746e6db4f4351139eee03ed08f9a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry: Loki

Vendor detections: 3

SHA256 hash: d186dda99ac7115389fb06de7046f9074ee746e6db4f4351139eee03ed08f9a8
SHA3-384 hash: 307d91eeda0b25625dac538d7ee5252d2dda1d0e5005f77978bebbf1b2a5546dc9c6a12d9e9304d920f7fe563a7b426e
SHA1 hash: 1a10744c4fda2aa1ceee08d71477f00d5f21dcb1
MD5 hash: 5e6ab003f727f865320eed7606f2a29a
humanhash: eighteen-illinois-mobile-steak
File name: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT.dwg.cab
Signature: Loki
File size: 139'920 bytes
First seen: 2020-07-13 06:08:44 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:SueUkGyu+DidkCKaM7CLEsVhKVAKr0Wnyc6P9aBe:SuesydidnK7TsVhEbrVJ6P9a4
TLSH: 89D312296DB16308DB8D487258D7F3CDEB8D4856D999B6DB7C20B7506F493C0EF8A810
Reporter: abuse_ch
Tags: cab, geo, KOR, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm53.hanmail.net
Sending IP: 203.133.181.11
From: 로이 유 <myung7788@daum.net>
Subject: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT
Attachment: 견적요청의 件:HYUNDAI MASS QUARANTREAT PROJECT.dwg.cab (contains "(2020.07.13.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/akinsab.ru/http/79.124.8.8/lento/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 65
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-13 04:09:57 UTC
AV detection: 22 of 48 (45.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam
Loki
cab d186dda99ac7115389fb06de7046f9074ee746e6db4f4351139eee03ed08f9a8 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
