MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3c94b033b803e1f45f6da9e0fb141fea38c55068c975404ca99e4c49dbee45a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: e3c94b033b803e1f45f6da9e0fb141fea38c55068c975404ca99e4c49dbee45a
SHA3-384 hash: 2d5e25e1cdc45c50c591bc833fe40b5b6db56a65ec6f8561a64d47bb5b361fee759260392c767efdf0ced10f96774a6c
SHA1 hash: f315adecebc4046f9848215079b27826abc08e74
MD5 hash: 32d22136aaa9afb4af8edf1f4a69009d
humanhash: wisconsin-winner-earth-video
File name: Surat_Penyerahan_PPH23_update_july_2020.pdf.gz
Signature: Loki
File size: 343'757 bytes
First seen: 2020-06-29 06:48:13 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:DpZppfYW645usKoklQjEFU/SON44FzzOiQOGaoqnXKO7bhnm/dEqp+UZO:DpZppfYq5uskqEFISOnF/dXKO7bhmRpY
TLSH: 6974239630F3AD2123FDADC4868481BC6EE96D6C176F4C48F2BB53D8144898A53C5EE7
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: ezw02-outboundmail.oncloud.co.id
Sending IP: 117.54.5.20
From: RPX Logistics pvt. ltd <qiqi@multiguna-ip.co.id>
Subject: Cashlist Account Information Letter DEWI SAMUDRA KUS UMA,PT
Attachment: Surat_Penyerahan_PPH23_update_july_2020.pdf.gz (contains "Surat_Penyerahan_PPH23_update_july_2020.pdf.exe")

Loki C2:
http://globalex.uz/gg/Panel/fre.php
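
Two checks worth running on this entry before the download is handled further, as an added Python example that is not part of the MalwareBazaar page or of abuse.ch's tooling: verify that the bytes on disk carry exactly the MD5/SHA1/SHA256/SHA3-384 digests listed in the entry, and read the attachment's inner filename straight from the gzip header (RFC 1952 FNAME field) without inflating it, so the `.pdf.exe` double extension named in the comment is flagged before anything is extracted. A bounded read of the first two inflated bytes then confirms a PE `MZ` header without exposing the analyst to a decompression bomb. The `build_constructed_sample` helper, the dummy `MZ` payload and the `EXEC_SUFFIXES` list are assumptions made for this example; the real sample is not embedded, so none of the listed digests will match the constructed stand-in.

```python
import gzip
import hashlib
import io
import struct

# Digests copied from the MalwareBazaar entry above.
ENTRY_HASHES = {
    "md5": "32d22136aaa9afb4af8edf1f4a69009d",
    "sha1": "f315adecebc4046f9848215079b27826abc08e74",
    "sha256": "e3c94b033b803e1f45f6da9e0fb141fea38c55068c975404ca99e4c49dbee45a",
    "sha3_384": "2d5e25e1cdc45c50c591bc833fe40b5b6db56a65ec6f8561a64d47bb5b361fee759260392c767efdf0ced10f96774a6c",
}

# Assumed list of suffixes Windows will execute on double-click; extend as needed.
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def matches_entry(data: bytes, expected: dict = ENTRY_HASHES) -> dict:
    """Compare every digest listed in the entry with the one computed over `data`."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest
            for algo, digest in expected.items()}


def gzip_member_name(data: bytes):
    """Return the original filename stored in the gzip header (RFC 1952 FNAME),
    or None if the header carries none. Only the header is parsed; nothing is
    inflated, so this is safe to run on an untrusted archive."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip stream")
    flg = data[3]
    pos = 10                          # fixed header: ID1 ID2 CM FLG MTIME(4) XFL OS
    if flg & 0x04:                    # FEXTRA: 2-byte little-endian length + extra field
        (xlen,) = struct.unpack_from("<H", data, pos)
        pos += 2 + xlen
    if not flg & 0x08:                # FNAME flag not set
        return None
    end = data.index(b"\x00", pos)    # FNAME is a NUL-terminated Latin-1 string
    return data[pos:end].decode("latin-1")


def has_masquerading_extension(name: str) -> bool:
    """True for names such as 'report.pdf.exe': an executable suffix hidden
    behind a decoy document extension (a single '.exe' is not flagged)."""
    parts = name.lower().rsplit(".", 2)
    return len(parts) == 3 and "." + parts[2] in EXEC_SUFFIXES


def inner_magic(data: bytes, n: int = 2) -> bytes:
    """Inflate only the first n bytes of the member (a bounded read, so a
    decompression bomb cannot exhaust memory) to check for a PE 'MZ' header."""
    with gzip.GzipFile(fileobj=io.BytesIO(data), mode="rb") as gz:
        return gz.read(n)


def triage(data: bytes) -> dict:
    """Combine the three checks into one verdict dictionary."""
    inner = gzip_member_name(data)
    return {
        "hash_matches": matches_entry(data),
        "inner_name": inner,
        "masquerading": inner is not None and has_masquerading_extension(inner),
        "inner_is_pe": inner_magic(data) == b"MZ",
    }


def build_constructed_sample(inner_name: str, payload: bytes) -> bytes:
    """Constructed stand-in for the attachment (NOT the real sample): a gzip
    member whose header carries `inner_name`, as the malspam attachment did."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=inner_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_constructed_sample(
        "Surat_Penyerahan_PPH23_update_july_2020.pdf.exe", b"MZ" + b"\x00" * 64)
    print(triage(sample))
```

Run against the real download, `hash_matches` should be all `True` before the sample is trusted as the one this entry describes; a mismatch means a different file (or a corrupted download), not a variant of this one.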

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-29 06:50:06 UTC
AV detection: 34 of 48 (70.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    gz e3c94b033b803e1f45f6da9e0fb141fea38c55068c975404ca99e4c49dbee45a (this sample)
      Dropping
        Loki

Delivery method: Distributed via e-mail attachment
