MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 97f65b96ee3944107ee7c13d6a6e09af84e9873694a7a0bd14c1fc80c44132c1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 97f65b96ee3944107ee7c13d6a6e09af84e9873694a7a0bd14c1fc80c44132c1
SHA3-384 hash: c9d03a5c5658811e2a54ca4adbbaf83875e1400e52bad6f182a74da96a23db2919a15c829914ede8cd8751704d23f345
SHA1 hash: 537f8c1ea805595932a06bac32f0e6240ce75df3
MD5 hash: e9748513ff128c0e7f0e8760a1faffbd
humanhash: dakota-sink-west-three
File name: Z1357T.gz
Signature: Loki
File size: 352'259 bytes
First seen: 2020-07-03 06:27:32 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Uo6HTgMR93YYaABmGZ6Jkt8NxWiKAxrluIHtrNnEtMbZIBqKBsUWz:UoqgMDYYW5x7rcIh90M90cUWz
TLSH: 1D7423651CF21482A18FC41B7B89B35B53ABFBB161D7D29D2139389BC649D41BB2CD0C
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: yahoo.com
Sending IP: 103.125.190.68
From: Tensile ltd <office.o@yahoo.com>
Subject: Documents Confirmation
Attachment: Z1357T.gz (contains "Z1357T.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-03 06:29:06 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 97f65b96ee3944107ee7c13d6a6e09af84e9873694a7a0bd14c1fc80c44132c1 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment
