MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f585ce0bd07f026989873de872e7469692a8350eada107bb2a337344fb85778c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f585ce0bd07f026989873de872e7469692a8350eada107bb2a337344fb85778c
SHA3-384 hash: fb74335522129a0504f57e3f012c8ff51aa02a11294b1cfda3a6c3d59f0fb0206b8ab3f1873e3a9fcf7bd0064af6ff88
SHA1 hash: e1d436572a3d56b6e38d1f78ac6be9b8cd9d8974
MD5 hash: 0e2531ac761ef3a790ae6be299bb12e7
humanhash: kilo-north-pluto-papa
File name:ORDER ITEMS REQUIREMENT 0948998456 PDF.uue
Download: download sample
Signature Loki
Create hunting rule
File size:364'425 bytes
First seen:2020-10-16 10:52:08 UTC
Last seen:Never
File type: uue
MIME type:application/x-rar
ssdeep 6144:TGL5W55Z5YZKywgltVAi5jb/Pi2S1sn2huTA0B2cRuumNN86NqmvbSCDvRBLB3SJ:eU58ZK5gltPr691XhD04cRpmNW6Nxdlc
TLSH D87423EC5728AE14BCAB4660230FB48DBF6E9B17AE90B325ED017357B5047560E4EF24
Reporter abuse_ch
Tags:Loki uue


Avatar
abuse_ch
Malspam distributing Loki:

HELO: da.darksideapi.live
Sending IP: 45.95.171.103
From: Pawan Sehgal <c.voli@real-events.ch>
Reply-To: purchase@sabagroup.org
Subject: Order Requirements 495463552 October 2020
Attachment: ORDER ITEMS REQUIREMENT 0948998456 PDF.uue (contains "ORDER ITEMS REQUIREMENT 0948998456 PDF.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f585ce0bd07f026989873de872e7469692a8350eada107bb2a337344fb85778c/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2020-10-16 03:27:57 UTC
AV detection:
19 of 28 (67.86%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6wc44c6qp4bgtcmhhxuhfz2gs2jkqniovwqqpozkgnzuj64fo6ga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f585ce0bd07f026989873de872e7469692a8350eada107bb2a337344fb85778c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

uue f585ce0bd07f026989873de872e7469692a8350eada107bb2a337344fb85778c

(this sample)

Loki

Executable exe 69e28c099c18f7fd000440db3155e9818916f70535e10b392ae7c1fb54ba48be

  
Dropping
MD5 7d57cfa113169ec8e685681e17651c26
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 69e28c099c18f7fd000440db3155e9818916f70535e10b392ae7c1fb54ba48be

Comments