MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee84953c44a6197abe5b088a7464ad160a1c6a5573237ac24120803faea48936. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee84953c44a6197abe5b088a7464ad160a1c6a5573237ac24120803faea48936
SHA3-384 hash: bc69c0388ec305ebec47d63ee6ff0e500618fc714ce54801e17cc73fe6965e89289c2de9870d4d3d95760a4bc062eb6a
SHA1 hash: a8d4a15c760ebbba1f37ff774c79f10c04413331
MD5 hash: 2310ce4c4b28c7ce102d9dfcf803e50d
humanhash: fanta-social-september-johnny
File name:file.pdf.cab
Download: download sample
Signature Loki
Create hunting rule
File size:538'608 bytes
First seen:2020-08-04 10:56:57 UTC
Last seen:Never
File type: cab
MIME type:application/vnd.ms-cab-compressed
ssdeep 12288:R5eE+Uv5xt0BkMIXjpxIM7eDptjNNu0Y7fhQ8PbUn7RnBM5r0F3fA2:R5eE/Pt0afpxBezfuvZQ8PolBMJ0C2
TLSH DAB4239E85D999E17DF81D09B4903C9040E0A74850FF45FA71A3BD1BCC6CEB8CBDA856
Reporter abuse_ch
Tags:cab geo KOR Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm35.hanmail.net
Sending IP: 203.133.180.223
From: (주)더하이스트 종합건설 <highest745@daum.net>
Subject: 견적의뢰건
Attachment: file.pdf.cab (contains "XtCbItbyakh0MLO.exe")

Loki C2:
http://79.124.8.8/plesk-site-preview/krockabread.com/http/79.124.8.8/goodluck/Panel/fre.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.CIL.HeapOverride.Heur.14834.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee84953c44a6197abe5b088a7464ad160a1c6a5573237ac24120803faea48936/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-08-04 10:58:09 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=52cjkpceuymxvps3bcfhizfncyfby2svomrxvqsbecad7lvere3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee84953c44a6197abe5b088a7464ad160a1c6a5573237ac24120803faea48936

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab ee84953c44a6197abe5b088a7464ad160a1c6a5573237ac24120803faea48936

(this sample)

Loki

Executable exe be6e32e526da8fee7f52acc7a1a15ef39031765ffe920d8b5c9477e41f1af843

  
Dropping
MD5 e95445bfb46cf0bf852fa2ec6ad54368
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 be6e32e526da8fee7f52acc7a1a15ef39031765ffe920d8b5c9477e41f1af843

Comments