MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e14c0a5111004734fe2d39162c2164a7b3916011209be8cc4c30d823ac193a11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 4

SHA256 hash: e14c0a5111004734fe2d39162c2164a7b3916011209be8cc4c30d823ac193a11
SHA3-384 hash: 3b540c4749eaf059db867f80c267ebc1a4b046b6ec028b82e1f78c8d92be0719c4a41bce151d9a7aff63c12ac654f1b8
SHA1 hash: e8a4bf28b166642dd92eceb1d5c446af102750fd
MD5 hash: 9b010e555b9ef6a5bd4b7c1332cd21a9
humanhash: mountain-delta-social-bluebird
File name: 20200806.cab
Signature: Loki
File size: 267,169 bytes
First seen: 2020-08-06 07:59:52 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:+IWSJarqbeXYDj3W+j0dnhgNU/VoNepHJbs7AKs4016vHAa:QcarzXKL9CO2/VIayEKs45vHAa
TLSH: 9A442361C898B8E861E1DFDD886C7D85ACB5BC9D242C5C7AE2371334F83C0AE5B14A5C
Reporter: abuse_ch
Tags: cab, geo, KOR, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm40.hanmail.net
Sending IP: 203.133.180.228
From: 태흥상사 <cth1025@hanmail.net>
Subject: 견적 및 PO 요청 (Korean: "Quotation and PO request")
Attachment: 20200806.cab (contains "PO.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/krockabread.com/http/79.124.8.8/smik/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Spyware.Negasteal
Status: Malicious
First seen: 2020-08-06 08:01:05 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 2/5
Note that the vendor threat name (Negasteal, a .NET stealer) does not match the MalwareBazaar signature (Loki) assigned to this sample; family attribution for this upload is not unanimous, so treat either label as a lead rather than a confirmed classification.
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Loki
Sample: cab e14c0a5111004734fe2d39162c2164a7b3916011209be8cc4c30d823ac193a11 (this sample)
Relationship: Dropping Loki (the CAB attachment carries the Loki executable PO.exe)
Delivery method: Distributed via e-mail attachment
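A CAB attachment can be triaged without extracting it: the MS-CAB directory (CFHEADER, CFFOLDER and CFFILE records) names every member up front, so a gateway or analyst can spot an executable such as PO.exe behind a "purchase order" before anything is unpacked. The following Python is an added example written for this page; it is not part of the MalwareBazaar entry and not abuse.ch tooling. It parses the public CAB layout from scratch, flags members by extension and, for uncompressed folders, by the MZ signature in the data itself, and reports truncated cabinets. The cabinet it builds with build_sample_cab is constructed here and is not the real 20200806.cab, so its hashes will not match the values listed above.

```python
import struct

# Extensions that have no business inside a "quotation / purchase order" CAB.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".wsf", ".hta", ".lnk", ".dll")

def dos_datetime(date, time):
    """Decode the DOS-packed date and time fields of a CFFILE record."""
    return "%04d-%02d-%02d %02d:%02d:%02d" % (
        (date >> 9) + 1980, (date >> 5) & 0xF, date & 0x1F,
        time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)

def parse_cab(blob):
    """Walk CFHEADER -> CFFOLDER -> CFFILE and return the member directory.
    Nothing is decompressed, so this is cheap and safe on untrusted input."""
    if blob[:4] != b"MSCF":
        raise ValueError("missing MSCF signature: not a cabinet")
    cb_cabinet, coff_files = struct.unpack_from("<I4xI", blob, 8)   # cbCabinet, coffFiles
    n_folders, n_files, flags = struct.unpack_from("<HHH", blob, 26)
    pos, fol_res, dat_res = 36, 0, 0                  # fixed CFHEADER is 36 bytes
    if flags & 0x0004:                                # cfhdrRESERVE_PRESENT
        hdr_res, fol_res, dat_res = struct.unpack_from("<HBB", blob, pos)
        pos += 4 + hdr_res
    n_strings = (2 if flags & 0x0001 else 0) + (2 if flags & 0x0002 else 0)
    for _ in range(n_strings):                        # prev/next cabinet and disk names
        pos = blob.index(b"\x00", pos) + 1
    folders = []
    for _ in range(n_folders):
        coff_data, n_blocks, ctype = struct.unpack_from("<IHH", blob, pos)
        folders.append((coff_data, n_blocks, ctype & 0x000F))   # low nibble = method
        pos += 8 + fol_res
    members, pos = [], coff_files
    for _ in range(n_files):
        size, start, ifolder, date, time, attribs = struct.unpack_from("<IIHHHH", blob, pos)
        pos += 16
        end = blob.index(b"\x00", pos)
        name = blob[pos:end].decode("utf-8" if attribs & 0x80 else "latin-1")
        pos = end + 1
        members.append({"name": name, "size": size, "folder": ifolder,
                        "offset": start, "mtime": dos_datetime(date, time)})
    return {"cabinet_size": cb_cabinet, "truncated": len(blob) < cb_cabinet,
            "folders": folders, "data_reserve": dat_res, "members": members}

def stored_folder_data(blob, folder, dat_res):
    """Concatenate the CFDATA blocks of an uncompressed folder (method 0).
    MSZIP/LZX folders return None; use a real extractor for those."""
    coff_data, n_blocks, method = folder
    if method != 0:
        return None
    out, pos = b"", coff_data
    for _ in range(n_blocks):
        _csum, cb_data, _cb_uncomp = struct.unpack_from("<IHH", blob, pos)
        pos += 8 + dat_res
        out += blob[pos:pos + cb_data]
        pos += cb_data
    return out

def triage(blob):
    """Findings a mail gateway or analyst would act on, in directory order."""
    info = parse_cab(blob)
    findings = []
    if info["truncated"]:
        findings.append("cabinet truncated (cbCabinet larger than bytes received)")
    for m in info["members"]:
        if m["name"].lower().endswith(EXECUTABLE_EXTS):
            findings.append("executable member: %s (%d bytes, %s)"
                            % (m["name"], m["size"], m["mtime"]))
        if m["folder"] >= len(info["folders"]):   # 0xFFFD-0xFFFF: spans cabinets
            continue
        data = stored_folder_data(blob, info["folders"][m["folder"]], info["data_reserve"])
        if data is not None and data[m["offset"]:m["offset"] + 2] == b"MZ":
            findings.append("PE header (MZ) at start of %s" % m["name"])  # catches renamed PEs
    return findings

def build_sample_cab(members):
    """Constructed test input (NOT the real 20200806.cab): one uncompressed
    folder holding the given (name, data) pairs, stamped 2020-08-06 07:59."""
    payload, cffiles, off = b"", b"", 0
    for name, data in members:
        cffiles += struct.pack("<IIHHHH", len(data), off, 0,
                               (2020 - 1980) << 9 | 8 << 5 | 6, 7 << 11 | 59 << 5,
                               0x20) + name.encode("ascii") + b"\x00"
        payload += data
        off += len(data)
    coff_files = 36 + 8                               # header + one CFFOLDER
    coff_data = coff_files + len(cffiles)
    cfdata = struct.pack("<IHH", 0, len(payload), len(payload)) + payload  # csum 0 = unset
    header = b"MSCF" + struct.pack("<IIII", 0, coff_data + len(cfdata), 0, coff_files) \
        + struct.pack("<IBBHHHHH", 0, 3, 1, 1, len(members), 0, 0, 0)
    return header + struct.pack("<IHH", coff_data, 1, 0) + cffiles + cfdata

if __name__ == "__main__":
    sample = build_sample_cab([("PO.exe", b"MZ" + b"\x00" * 62 + b"fake PE body")])
    for finding in triage(sample):
        print(finding)
```

Run it against a real attachment with `triage(open("20200806.cab", "rb").read())`; the directory parse works on MSZIP/LZX cabinets too, only the MZ check needs an uncompressed folder. The extension list and the MZ check are independent on purpose: the first catches PO.exe as seen here, the second catches a PE stored under a document-like name.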
