MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa79769dd9c36566f82c1e3ada150c3a3c4b530f746c8eb08a4ba32741a16931. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: aa79769dd9c36566f82c1e3ada150c3a3c4b530f746c8eb08a4ba32741a16931
SHA3-384 hash: 8ff333b88d8990eb2d1917fd0a32f1c89d556566cc4796cd89a13134f530f4851a9bf8166fc8fb86d3f6e28d17010fbb
SHA1 hash: f6ed2d285088105f2ecdb0a0b7aa3da0b1703720
MD5 hash: 46fd5c665df9dc399e600c7e16832b7e
humanhash: carolina-arkansas-august-yellow
File name: Document Copy For Shipment_Doc.zip
Signature: Loki
File size: 451'094 bytes
First seen: 2020-07-04 07:25:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:8CrrEwnttuozKLPQ9YDRJTWuIxMzYVBBw8py:BrEwnttuoOLQiD+r0
TLSH: 5CA423113357E2A24ADCCF1503E68D60767ED163046C8D1C5F3DAF8D3F999B02B9AAA4
Reporter: abuse_ch
Tags: Loki TNT zip


abuse_ch
Malspam distributing Loki:

HELO: cinovasi.indowebsite.net
Sending IP: 103.112.244.74
From: TNT EXPRESS INC <support@express.com>
Subject: TNT Current Shipment Status
Attachment: Document Copy For Shipment_Doc.zip (contains "Document Copy For Shipment_Doc.exe")

Loki C2:
http://panpos.ae/stak/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-04 07:27:04 UTC
AV detection: 29 of 48 (60.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki

zip aa79769dd9c36566f82c1e3ada150c3a3c4b530f746c8eb08a4ba32741a16931 (this sample)
  Dropping: Loki

Delivery method: Distributed via e-mail attachment
