MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee85bcb8fbff0f1df135d58ab671cc467a15121e4caa314ceec51fffddd98d4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3
SHA256 hash: ee85bcb8fbff0f1df135d58ab671cc467a15121e4caa314ceec51fffddd98d4b
SHA3-384 hash: 95ca051eb875f3eefbe4a1bf2e656ac1e1bc6863553b17041702bbbcb29a952bc4c96c1c9577c2bcbea4bb29b64c5246
SHA1 hash: 9e59282ee498949b297cf21925831077bf5e45f0
MD5 hash: 6f1aaa31df28e17908fe4a684fce586c
humanhash: lima-summer-wisconsin-arkansas
File name: proforma invoice 0910829307_pdf.zip
Signature: Loki
File size: 203'989 bytes
First seen: 2020-07-16 06:28:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 3072:UzRAbG0opmIeDykQuyKly+IiVQMb2cwQ6tDLrqw02Chuep3QU:GS2paylyQ+IqbVwTtTqw02+ua3
TLSH D51423B19BF531A31EB3AD5FEB08C1218ABC36D79CA38507D73483275A3A746D351242
Reporter: abuse_ch
Tags: Loki zip

abuse_ch
Malspam distributing Loki:

HELO: server.globalhpbatam.com
Sending IP: 31.14.140.26
From: finance@hslenergy.com
Subject: Kindly send back the revised PI so we can make the down payment
Attachment: proforma invoice 0910829307_pdf.zip (contains "swift_pdf.exe")

Loki C2:
http://beckhoff-th.com/kon/kon2/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.AgentTesla
Status: Malicious
First seen: 2020-07-16 06:29:08 UTC
AV detection: 24 of 48 (50.00%)
Threat level: 5/5

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
zip ee85bcb8fbff0f1df135d58ab671cc467a15121e4caa314ceec51fffddd98d4b (this sample)
Dropping
Loki
Delivery method: Distributed via e-mail attachment

Comments