MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94
SHA3-384 hash: b92104215f54cb2f60b3cb0207d361145ce09f5fc0036f7e4cce327da5a7273f14521d44b0603caa9eef64e684f79bdc
SHA1 hash: f688ef67d5b015ad4649d9229d7bbb6132578f36
MD5 hash: c3df2066e76898f9dca6993b551d39ba
humanhash: social-paris-mobile-comet
File name: PHOTOS.cab
Signature: Loki
File size: 176'917 bytes
First seen: 2020-06-30 13:09:23 UTC
Last seen: 2020-06-30 13:09:37 UTC
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 3072:QZFiCy9XCpMSMjfX9GQ1u7nP1oOOKKpb9HWzfHZSicD4zFjDfQ/GwonFbeeebGc:86lCqj79GJ7/OJpbRWz874zFjDIZo9v6
TLSH: 61041283B215BEB7846F1DFAEE71ED1567F6A0B64F1C2E220856434954CD5E003ABE8C
Reporter: @abuse_ch
Tags: cab, Loki


Twitter (@abuse_ch):
Malspam distributing Loki:

HELO: damacgroup.com
Sending IP: 185.222.58.113
From: THOMAS <Liju.Thomas@damacgroup.com>
Subject: PHOTOS
Attachment: PHOTOS.cab (contains "PHOTOS.exe")

Loki C2:
http://siiigroup.com/blue/five/fre.php

Intelligence


Mail intelligence (spam trap location and impact):
  IT (Italy): Low
  Global: High
# of uploads: 2
# of downloads: 30
Origin country: US
ClamAV: SecuriteInfo.com.Generic-EXE.UNOFFICIAL
CERT.PL MWDB detection: n/a
  Link: https://mwdb.cert.pl/sample/e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94/
ReversingLabs:
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Kryptik
  First seen: 2020-06-30 13:11:04 UTC
  AV detection: 10 of 31 (32.26%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
VirusTotal: 4.84% of engines detect this sample

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery: Malspam
Malware family: Loki
Sample: cab e75b5496850188be2d6c54bd0dfedb2cbb24bfab6e23baf3cd173f4f4d267e94 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments