MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 167673ca4b423618d6bf0cf599064438015cf09b82efaadadbeb38e9879d93da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 167673ca4b423618d6bf0cf599064438015cf09b82efaadadbeb38e9879d93da
SHA3-384 hash: 7f86ff6f63199b5153edc361ec0ea5ddd36ffe6e05022cac91bcc279fa537b879c1c9d9c6d49afd4eaa66130fd654fc2
SHA1 hash: b857c2d2b8654ddc8e2162667b583ce52acf2235
MD5 hash: 4a2a4adb9609f99b3a397e6dfba5445f
humanhash: zebra-kitten-comet-potato
File name: Payment advice _pdf.gz
Signature: Loki
File size: 357'225 bytes
First seen: 2020-07-08 06:14:47 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:whDQ8neUMuVwjmSa/F4lb7Sp+YpZoUff7oimuj6tDz/SdEPAVvqIUTeFHVC7XPQa:CDQ8ntUmS6F4lPSp+cZoiciQ/SWswo1Y
TLSH: 3174230BD389B974A74B802DB5EF946C8BC60F5E74C6B7879010C650A9D5386FF04AF8
Reporter: abuse_ch
Tags: gz, Loki


Comment by abuse_ch:
Malspam distributing Loki:

HELO: c116.vz06.my-virtual-panel.com
Sending IP: 204.93.157.81
From: Spedicon Maldives (Pvt) Ltd <azaad@spediconlogistics.com>
Subject: RE: RATE REQUEST SEA FREIGHT IMPORT
Attachment: Payment advice _pdf.gz (contains "file-0011444_pdf.exe")

Loki C2:
http://rostovafile.ga/Colba4/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 03:20:44 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    zip 167673ca4b423618d6bf0cf599064438015cf09b82efaadadbeb38e9879d93da (this sample)
      Dropping: Loki

Delivery method: Distributed via e-mail attachment
