MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 102d12b90e0f9141911e2a7e3a8c733fec7d04990a55cec252f540c64656f9d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 102d12b90e0f9141911e2a7e3a8c733fec7d04990a55cec252f540c64656f9d8
SHA3-384 hash: d87bfaf1bef0aef9f7373067643b25641c8679b68a232c7b8718a67dbd4d7a281992acf44c94564055e4f1de2ea733d6
SHA1 hash: d61e5c518f84c3333aead436c0848166ca9eb55c
MD5 hash: befdf08865d71c3315d230454305d472
humanhash: five-carolina-hotel-bacon
File name: telegraphic transfer copy.zip
Signature: Loki
File size: 195'175 bytes
First seen: 2020-06-24 05:43:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 3072:8dJ9HW6+m6aTLW5i43YVf8zxvHe9X/gFgRMjtG5p/JuOuqGkearn9p4ACd/PjnoE:ELX6a2gmYcxwPgCRMM5buk1F4vrsh8JV
TLSH: A61423490AF7DFE1AA17B275AED4F8EC0D3AD1C441593F09B48F602364286A6219CF7D
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: pkz49-3-spamexpert2.hoster.kz
Sending IP: 185.113.132.46
From: cds1@shanyrak-group.kz
Subject: About Remittance Slip For Invoice
Attachment: telegraphic transfer copy.zip (contains "telegraphic transfer copy.exe")

Loki C2:
http://beckhoff-th.com/kon/kon2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-24 05:45:04 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
zip 102d12b90e0f9141911e2a7e3a8c733fec7d04990a55cec252f540c64656f9d8 (this sample)

Dropping: Loki

Delivery method: Distributed via e-mail attachment
