MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a4e12f63aad38c05221caaf3e9c4596d15bad3ec47f740cb5d0ba2bc668edb8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 2a4e12f63aad38c05221caaf3e9c4596d15bad3ec47f740cb5d0ba2bc668edb8
SHA3-384 hash: 508a644ab49f4d428a53b0300a38c3179189eefec93b3e1c10a065f2d661f3f0f592a1e0b12a3ca1d354b7765046e48d
SHA1 hash: b5d55135b0ff54bbef5f57648ddbffdcee8e9a83
MD5 hash: 5c69f7539f4e71188562f865473d38bb
humanhash: violet-island-ten-avocado
File name: io9tpNe1vkxazIE.rar
Signature: Loki
File size: 482'041 bytes
First seen: 2021-01-11 08:13:12 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 12288:Vp9NsrcyE5q9VGSsjF/rR+aqlwdbUh0dZws4V6lpat2U5g3:VLGrO5KVGSirslwdbV8B6lct2U5g3
TLSH: F3A42396FA902E5EA64CE7D048B020101677732EA8E7E93E712BD20E275F67CC517D1D
Reporter: abuse_ch
Tags: HostGator Loki rar


abuse_ch
Malspam distributing Loki:

HELO: gateway33.websitewelcome.com
Sending IP: 192.185.145.23
From: MC Shipping Ltd. <fujiwara@mc-ship.com>
Reply-To: fujiwara@mc-ship.com
Subject: MV QU SHAN HAI
Attachment: io9tpNe1vkxazIE.rar (contains "io9tpNe1vkxazIE.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2021-01-11 08:14:07 UTC
AV detection: 19 of 46 (41.30%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar 2a4e12f63aad38c05221caaf3e9c4596d15bad3ec47f740cb5d0ba2bc668edb8

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments