MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3912f40e8ea374bca604408d6745c9c30cc6d931e0eda4a3efea3a7ee4a10f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: b3912f40e8ea374bca604408d6745c9c30cc6d931e0eda4a3efea3a7ee4a10f2
SHA3-384 hash: 9503abcf909728fe7c28f5aa5adf870704a7967bb79d9730cb9c62548a59b3b614880580678eeebcb73f0ae26c442cac
SHA1 hash: 3a694e6b6417fe54df2f714dee3c57fba08a6333
MD5 hash: c0d65d296c544d0c4f91f83294c721c6
humanhash: diet-mars-mango-mango
File name: Quotation.rar
Signature: Loki
File size: 341'221 bytes
First seen: 2020-07-31 11:07:31 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 6144:8ucDFotv2z0hqpKmirv8cYIY3q451rg4rW7ZHh5IU/1PiC4QomQt:bcUw0hqpX4v+6451rg467ZH7KCzQ
TLSH: 52742329107278C4B6DCE90E33581F824D53786EEA501EAFDCC718A04763D1B66E6BBD
Reporter: @abuse_ch
Tags: Loki, rar


Twitter post by @abuse_ch:
Malspam distributing Loki:

HELO: amout08.alpha-mail.net
Sending IP: 216.230.254.48
From: "Catherine Minio"<info@sagami-su.co.jp>
Reply-To: <c.mini@blancmariclo.com>
Subject: AW: Quotation for new order
Attachment: Quotation.rar (contains "Quotation_pdf.exe")

Loki C2:
http://modevin.ga/~zadmin/lmark/gld/mode.php

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 31
Origin country: US

Mail intelligence
Geo location: CH (Switzerland), Volume: Low
Geo location: Global, Volume: Low

Vendor Threat Intelligence
Threat name: Win32.Trojan.FormBook
Status: Malicious
First seen: 2020-07-31 04:31:09 UTC
AV detection: 13 of 31 (41.94%)
Threat level: 5/5

Threat name: Gamarue
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
Sample: rar b3912f40e8ea374bca604408d6745c9c30cc6d931e0eda4a3efea3a7ee4a10f2 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
