MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 426e05ae8d66d1a1e63f6bf7eef9a336e8d46f0c70e4cbd8e5fdb188509544ae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 426e05ae8d66d1a1e63f6bf7eef9a336e8d46f0c70e4cbd8e5fdb188509544ae
SHA3-384 hash: bc727289d40a3a98747f746a82c1e7d5b86b85e6fce8ddeac5f8b3d0687d1bcc27eb9ae9a71511ed2f4ebe8ca7b2ae8e
SHA1 hash: 0657344632510855e46ba2ce20f29b86d4786ab4
MD5 hash: 3cb3fa92668d03b09e2385924498ad88
humanhash: burger-sink-table-autumn
File name: LS-4288509.gz
Signature: Loki
File size: 415'344 bytes
First seen: 2020-06-16 05:44:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:UtuFMQg5jxQlG4RFxUi7E1QH5cXDXGrGMaQA0k8IJSfWUqMcHGTmzG4Z:Su45sg1KqDXeambCM5qMcHdG4Z
TLSH: FA94237063B8178FB6B84EA4703A672175AD6BC53D67018CFC5861BF0BBC1985AF4E09
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: mgabilisim.com
Sending IP: 185.78.85.242
From: M.J.YANG (??? ??/ Mob:010-6477-3160) <acc.sj@sjmarine.co.kr>
Subject: Fwd: Shipment Docs (CI, PL & BL)
Attachment: LS-4288509.gz (contains "LS-4288509.exe")

Loki C2:
http://beesco.net/osama/osama2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-16 05:46:06 UTC
AV detection: 36 of 48 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 426e05ae8d66d1a1e63f6bf7eef9a336e8d46f0c70e4cbd8e5fdb188509544ae (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
