MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 89a155a50a256c0cfd37a4702f21168348dd162d1416da99f37a442d0fb8a2c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 89a155a50a256c0cfd37a4702f21168348dd162d1416da99f37a442d0fb8a2c1
SHA3-384 hash: 40aecfc7cd73c5ea77dbbeea1817c46b29357afad346378e09565f4b1a4d45669521a23856dbee077775cf7b105d27ff
SHA1 hash: 79c33d5abbd803fed85de4eada2022528e426730
MD5 hash: 590cce76cb4aa1f17f36406eea938844
humanhash: nebraska-maryland-violet-don
File name: SOLICITUD DE OFERTA 30-07-2020·pdf.zip
Signature: Loki
File size: 385'605 bytes
First seen: 2020-07-31 09:36:03 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:zVjhBSC3Yjdqvtc+BYFmYj1yYHeqkZeHBiZmH1Bh78s/HY6cDJvajipLTF4rJ5he:zVtYCIxEt7KhkoJ79HsDJajiFF2NSHEY
TLSH: 3C84239E4F35B62D6811BAEE1C621DF45CE4BB369922D20E604C0C33596477AB152B3F
Reporter: @abuse_ch
Tags: Loki, zip


Twitter
@abuse_ch
Malspam distributing Loki:

HELO: mail.genonop.tk
Sending IP: 103.109.37.21
From: Universidad Nacional de San Marcos <admin@unmsm.edu.pe>
Subject: URGENT: SOLICITUD DE OFERTA (Universidad Nacional de San Marcos) EUI894/PE400
Attachment: SOLICITUD DE OFERTA 30-07-2020·pdf.zip (contains "SOLICITUD DE OFERTA 30-07-2020#U00b7pdf.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: FR

Mail intelligence
Geo location: Global
Volume: Low

Geo location: NL Netherlands
Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-31 09:37:04 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5

Threat name: Tinba
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 89a155a50a256c0cfd37a4702f21168348dd162d1416da99f37a442d0fb8a2c1 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
