MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3af7c117301132d9b15ce1281c41d75621f9f57aad118c906804e43a4caa67a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 3af7c117301132d9b15ce1281c41d75621f9f57aad118c906804e43a4caa67a7
SHA3-384 hash: 40ad477ef15c58d2d2238cd61d1fb67406efdca579a7f467fb6037458b33a7f9e7f5e38eb0feb6a792aff8272cddac78
SHA1 hash: 6e21d040f55c165665b70dcbd263ccda06886d75
MD5 hash: c3a5d0e2910dd0379bdc2dc99e0bfef8
humanhash: speaker-wisconsin-winter-mountain
File name: PEDIDO DE OFERTA 07-07-2020·pdf
Signature: Loki
File size: 360'904 bytes
First seen: 2020-07-07 09:26:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:xpXRaH4eXje/judvibflErlt4c3QLUyQ4HW6fUvOc4O2dPeolk2zl32XjLFwwIT:MYCjyjflEnQLJQ4HWaQJ4O2dPBl/GXGF
TLSH: E774239F3B14EB84C33300685C2FDB96A4AD620D08B4F94DAB98D5D4B518F7A9642DCF
Reporter: abuse_ch
Tags: geo Loki PEDIDO DE OFERTA 07-07-2020·pdf PRT


abuse_ch
Malspam distributing Loki:

HELO: cust.codibee.com
Sending IP: 5.196.199.121
From: Universidade de Lisboa <admin@ulisboa.pt>
Subject: PEDIDO DE OFERTA (Universidade de Lisboa) EUI894/PT4633
Attachment: PEDIDO DE OFERTA 07-07-2020·pdf (contains "PEDIDO DE OFERTA 07-07-2020·pdf.exe")

Loki C2:
http://195.69.140.147/.op/cr.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-07 09:28:06 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 3af7c117301132d9b15ce1281c41d75621f9f57aad118c906804e43a4caa67a7

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
