MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d838d7548351e33edbccf8c6c93af5e1706516ce5b125c27c7df54ed33693ab. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2d838d7548351e33edbccf8c6c93af5e1706516ce5b125c27c7df54ed33693ab
SHA3-384 hash: feb9da7f47fc5129a68ae8591508f63c65bd521c63b8b23e18cc5a2ea49c6b9bfec9d9346394fabe34ff453c913e8d0c
SHA1 hash: 55ffe62104eb059be00701e10ddba08bdfac0128
MD5 hash: 2890f1d32e88d3f5c3ea1e3b5f6aa15d
humanhash: apart-burger-november-island
File name:SOA.arj
Download: download sample
Signature Loki
Create hunting rule
File size:336'462 bytes
First seen:2020-07-20 10:29:30 UTC
Last seen:2020-07-20 15:42:36 UTC
File type: arj
MIME type:application/x-rar
ssdeep 6144:u2LZ/rwUdVc/TmM+3COZ0Tgcnd5uhpBj80KNvfBjNl4KlC6LcJ0q:/kUGnTgsuhpBjPKtd5CtJF
TLSH F9642371671A0318DD8EEE336E2C0EB319CD17EAC844CABDED641AA0103D6F254E6C83
Reporter abuse_ch
Tags:arj Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: server.130ads.com
Sending IP: 209.124.90.180
From: Danielle Hajjar <sales@shayaazar.com>
Subject: SOA
Attachment: SOA.arj (contains "SOA.exe")

Loki C2:
http://mecharnise.ir/ea5/fre.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2d838d7548351e33edbccf8c6c93af5e1706516ce5b125c27c7df54ed33693ab/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 10:31:05 UTC
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=fwby25kigupdh3n4z6ggze5plylqmulm4wyslqt4px2u5uzwsovq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/2d838d7548351e33edbccf8c6c93af5e1706516ce5b125c27c7df54ed33693ab

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

arj 2d838d7548351e33edbccf8c6c93af5e1706516ce5b125c27c7df54ed33693ab

(this sample)

Loki

Executable exe e29aab6bf4f627b3068a69e6bb8cbe4c98d7e5994bf7ff5d53a4a2e7e98ccc20

  
Dropping
MD5 8f4c8d16eb563ed0f2ea2602bb31cf2c
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 e29aab6bf4f627b3068a69e6bb8cbe4c98d7e5994bf7ff5d53a4a2e7e98ccc20

Comments