MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f0db0c6943fc5010a35a3d9b51c9f11fdd49719dec85d491ad66b2a8cb080e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 8f0db0c6943fc5010a35a3d9b51c9f11fdd49719dec85d491ad66b2a8cb080e7
SHA3-384 hash: bad41b1996da2dc47f8305b9e6025598633400de849c31a407f9f637a20c3538891d8f1f44b9e8b3e32070e49de2a41e
SHA1 hash: 47820d67144ed5b9da9f301f30feadbf0c0523ae
MD5 hash: 299d1c340f681aec37e4cb32ad0038f9
humanhash: nine-illinois-orange-summer
File name: Shipping Doc_Maersk Kleven V.949E.gz
Signature: Loki
File size: 350'547 bytes
First seen: 2020-07-02 09:27:31 UTC
Last seen: 2020-07-02 11:05:36 UTC
File type: zip
MIME type: application/zip
ssdeep: 6144:tzcPlgir1uIAKKaguZmLXwHvOf7FVY8TNSMhvhGrJ0RM8xNSgO/E7uGZUsFinQNO:tzcJr1ua6WOjFi8ppvhGFiMcN4VdsFiN
TLSH: 9D7423D93E12A74B6E0A934529B489869FC24C2C187FB5E748321DB6A0E53F537C8773
Reporter: abuse_ch
Tags: gz Loki Maersk


abuse_ch
Malspam distributing Loki:

HELO: maersk.com
Sending IP: 103.99.0.18
From: A.P. Moller - Maersk (Shanghai, Head Office) <nooreply@maersk.com>
Subject: RE: URGENT!!! SHIPPING DOC BL,SI,INV#462345 // MAERSK KLEVEN V.949E
Attachment: Shipping Doc_Maersk Kleven V.949E.gz (contains "Z40001.exe")

Loki C2:
http://rostovafile.cf/L3/fre.php

Intelligence


File Origin
# of uploads: 3
# of downloads: 83
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-02 09:29:05 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 8f0db0c6943fc5010a35a3d9b51c9f11fdd49719dec85d491ad66b2a8cb080e7 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
