MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 106f340d3d9003bb79b8e6d22bfa78e4ecedd18d6974dd281539453c81510bc5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 106f340d3d9003bb79b8e6d22bfa78e4ecedd18d6974dd281539453c81510bc5
SHA3-384 hash: 492a10f74c0740b706548ed72bd99439506cadd575c512836207f54da4f2a9d1d6d2a7125fb9834805f47b515557699a
SHA1 hash: 9d0268b418eb4f62341f18f6284b52f763df4e91
MD5 hash: fbf6bf50465c67bed156d243978cd3e2
humanhash: georgia-red-quebec-football
File name: copy-fr3893_pdf.gz
Signature: Loki
File size: 362'201 bytes
First seen: 2020-06-08 05:43:14 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:00Dq+clvFa6qIJt2KAcY7swAlsF3xtgpqb4Ouc2fWGGBe:00O+csogkYgwxtXnt2+Fo
TLSH: 1874234444C7723556E66A2C6CC9C6F22B5F5298CD2FA479AACC9BC01B4837C870AFD7
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.alrytechem.cf
Sending IP: 94.100.28.228
From: DOOSAN GROUP <info@doosan.com>
Subject: DOOSAN RFQ(M/V NAVIOS STAR AND MV Nord Galaxy - Inquiry
Attachment: copy-fr3893_pdf.gz (contains "copy-fr3893_pdf.exe")

Loki C2:
http://fuscon.ga/L3/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 57
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 05:45:05 UTC
AV detection: 36 of 48 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

zip 106f340d3d9003bb79b8e6d22bfa78e4ecedd18d6974dd281539453c81510bc5 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
