MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5c03ed092f1f4d36a62f1006e6b7fb8fba7f08fd54e09918c67029970829c84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: c5c03ed092f1f4d36a62f1006e6b7fb8fba7f08fd54e09918c67029970829c84
SHA3-384 hash: 14f19f7d93e47529ca1217274e04e7e6f0224f1f67de29f02ddd6dfcfaea47b2a6fde4ddea80da14d98fe17b92d4f1e9
SHA1 hash: 37573af5f09469abb9297646562dd359268d2d46
MD5 hash: 5796f4cde28079c537ae19afa3f678a9
humanhash: pip-eight-cardinal-nevada
File name: BKG PNPN203746.xls.gz.zip
Signature: Loki
File size: 194'944 bytes
First seen: 2020-06-18 05:32:24 UTC
Last seen: 2020-06-18 05:45:25 UTC
File type: zip
MIME type: application/zip
ssdeep: 3072:rqGL6AG7Kmg88vVO7DR5DL0wqGo9nHvS5iN5bMWCI0fTKUOhw1eSotsclDz5bPcx:rTL6AG7KbBvVOBF/SHvr5wWR0f/OhwwW
TLSH: E61413203758B8C055A1EE9B70F57101684CEC73ECB3E569E519704B6A8A88F2E4FFD5
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: uapcu.org
Sending IP: 95.211.208.25
From: Vicheth <info1@uapcu.org>
Subject: RE: BOOKING PNH FOR ETD JUNE-2020 BKG# PNPN203746
Attachment: BKG PNPN203746.xls.gz.zip (contains "BKG# PNPN203746.xls.gz.exe")

Loki C2:
http://uapcu.org/bin/cdi-bin/five/fre.php

Intelligence

File Origin
# of uploads: 2
# of downloads: 66
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-18 01:31:52 UTC
AV detection: 23 of 31 (74.19%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
Sample: zip c5c03ed092f1f4d36a62f1006e6b7fb8fba7f08fd54e09918c67029970829c84 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments