MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01ca4c714fbbe12b904582180ec8ac459d0aa0ebb15b83a04f92957f53f06ad5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki

Vendor detections: 3


SHA256 hash: 01ca4c714fbbe12b904582180ec8ac459d0aa0ebb15b83a04f92957f53f06ad5
SHA3-384 hash: 6d3fdcd7959bd749d4a36c78aff3500a259fd70d2b0cbda968140a0810a94ee644e0d3a9e6696add9e0cad6febe3b6fc
SHA1 hash: 92c4133c93c9771e2a4d988af44a29d9d47a3718
MD5 hash: f36040a1829f2c746a851a9bd25d8b62
humanhash: six-hydrogen-beryllium-comet
File name: Payment Advice_pdf.gz
Signature: Loki
File size: 304'956 bytes
First seen: 2020-07-02 12:25:22 UTC
Last seen: Never
File type: gz
MIME type: application/x-rar
ssdeep: 6144:GMQ6FTEFYKuqaSurKDlG+pOjXhf51bQRrm5znIVBv6A+Nypl2m:O6FgxupSCamX1vKm575AFj2m
TLSH: DF54235A44342FB8C1F1E9C782C3CF8D2DF65EFB90A718772A150633415BA96967B8B0
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: mailer12-2.incnets.com
Sending IP: 210.6.92.82
From: ASHOK SHARMA (Accounts Team) <accounts@manna.corp.com.hk>
Subject: Payment Advice
Attachment: Payment Advice_pdf.gz (contains "Payment Advice_pdf.exe")

Loki C2:
http://acpanode-sg.com/stanz/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-02 12:27:05 UTC
AV detection: 18 of 29 (62.07%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz 01ca4c714fbbe12b904582180ec8ac459d0aa0ebb15b83a04f92957f53f06ad5 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
