MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0ef1972be33c8538b13c284c66b2f3fb82fcc74ff6549865e78435fdda0ff20. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d0ef1972be33c8538b13c284c66b2f3fb82fcc74ff6549865e78435fdda0ff20
SHA3-384 hash: 0d98fae7e0dbd1ff99edc88f926b30cdd6bc7ad9ff149d174e8d6561cae134236793089674c3fb555ff2024e1e81ac58
SHA1 hash: 7c1cc2f72c34adf50eca91e4fca70235d0259eb9
MD5 hash: 07bf20eb68ab23cbc4177e496ee53ea0
humanhash: fanta-india-lion-neptune
File name:SALES OFFER SQ-2000563-20200713.zip
Download: download sample
Signature Loki
Create hunting rule
File size:483'956 bytes
First seen:2020-07-13 06:59:57 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:5LogVbn+FNI8T0laintY2C5OHw15igS01HctKYtE0gtxv8:5Logwj4lx6OHwaF0VN0gtp8
TLSH 78A423B1A752E0535EEDADB213FC4ED89187C2742FC9049D52BD438383DDAB2ADD6812
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: metito.com
Sending IP: 95.211.208.25
From: Syed Musharraf <Syed.Musharraf@metito.com>
Subject: SALES OFFER SQ-2000563
Attachment: SALES OFFER SQ-2000563-20200713.zip (contains "SALES OFFER SQ-2000563-20200713.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Adware.Generic4.BBFB.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d0ef1972be33c8538b13c284c66b2f3fb82fcc74ff6549865e78435fdda0ff20/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-13 07:01:12 UTC
AV detection:
26 of 48 (54.17%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2dxrs4v6gpefhcytykcmm2zph64c7tdu75sutbs6pbbv7xna74qa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip d0ef1972be33c8538b13c284c66b2f3fb82fcc74ff6549865e78435fdda0ff20

(this sample)

Loki

Executable exe a7dfc5f40953d849020c877f5bd07b18e8d064c12170eb74c5932a79c207968d

  
Dropping
MD5 f8a93fd47e0bdeafe24278c34b021b13
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a7dfc5f40953d849020c877f5bd07b18e8d064c12170eb74c5932a79c207968d

Comments