MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c3eb1f74b144a52de5f568360dbd57f9fc152d65e94074deec9af61435e04e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 3c3eb1f74b144a52de5f568360dbd57f9fc152d65e94074deec9af61435e04e0
SHA3-384 hash: 5758a75b04f28d712cf61fd42845cc438879d79940bfc6cad683ca41e3bf6d9a8a026e9185ffe53e844148c5350248d0
SHA1 hash: 40b4e1f6258da3736cd831330aa4ba5ad911f053
MD5 hash: fcfb495ca11560a5f532c9381c85da5a
humanhash: alaska-finch-harry-bacon
File name: MAJW-18-06-2020 Air Waybill Receipt no 1395482082-pdf.gz
Signature: Loki
File size: 459'539 bytes
First seen: 2020-06-25 12:10:49 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 12288:RzoJ7xDOygSxqMhLY8dftl2GSpfpurwk/P5r:RzoBxkSHhLB5ifOwkJr
TLSH: 9EA42361516EBFF405CA43D2E345CDA9314FC9392FCECAAA844E72E04B6831E7625E4D
Reporter: abuse_ch
Tags: DHL gz Loki


abuse_ch
Malspam distributing Loki:

HELO: flashmails.webmail.co.id
Sending IP: 111.68.113.28
From: Formal Delivery Clearance Support (DHL ID) <sales@kenkosahabat.id>
Subject: Electronic invoice generated by DHL Express_Invoice-MAJW-18-06-2020: Air Waybill no 1395482082
Attachment: MAJW-18-06-2020 Air Waybill Receipt no 1395482082-pdf.gz (contains "gunzipped")

Loki C2:
http://airmanselectiontest.com/dest/Panel/fre.php
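The lure above is a gzip attachment whose name ends in "-pdf.gz" while the inflated content is a Windows executable. The following triage script is an added example (not MalwareBazaar's or abuse_ch's code): it verifies the gzip magic, inflates with a size cap so a decompression bomb cannot exhaust memory, sniffs whether the inner file is a PE or a PDF, compares that with the type the file name claims, and hashes both layers so they can be matched against the hashes in this entry. The file name is taken from the entry; the PE-like payload and the PDF payload are constructed stand-ins, not the real sample's content, and the 64 MiB cap is an assumed policy value.

```python
"""Triage of a "-pdf.gz" mail attachment like the one in this entry.

Added example, not MalwareBazaar code. The PE payload below is CONSTRUCTED,
not the real sample's content."""
import gzip
import hashlib
import io
import struct
import zlib

MAX_INFLATED = 64 * 1024 * 1024  # refuse to inflate past 64 MiB (assumed policy limit)
GZIP_MAGIC = b"\x1f\x8b"


def is_gzip(data: bytes) -> bool:
    return data[:2] == GZIP_MAGIC


def inflate_capped(data: bytes, limit: int = MAX_INFLATED) -> bytes:
    """Inflate a gzip member but stop once `limit` bytes are exceeded."""
    try:
        out = gzip.GzipFile(fileobj=io.BytesIO(data)).read(limit + 1)
    except (OSError, EOFError, zlib.error) as exc:  # BadGzipFile is an OSError
        raise ValueError("corrupt gzip stream: %s" % exc)
    if len(out) > limit:
        raise ValueError("inflated size exceeds %d bytes" % limit)
    return out


def is_pe(payload: bytes) -> bool:
    """MZ header plus a 'PE\\0\\0' signature at e_lfanew (offset 0x3C)."""
    if len(payload) < 0x40 or payload[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", payload, 0x3C)[0]
    return payload[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(payload: bytes) -> str:
    if is_pe(payload):
        return "pe"
    if payload.startswith(b"%PDF-"):
        return "pdf"
    return "unknown"


def claimed_type(filename: str) -> str:
    """Type the name implies: 'x-pdf.gz', 'x_pdf.gz' and 'x.pdf.gz' all claim PDF."""
    stem = filename.lower()
    if stem.endswith(".gz"):
        stem = stem[:-3]
    for ext in ("pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"):
        if stem.endswith(("." + ext, "-" + ext, "_" + ext)):
            return ext
    return "unknown"


def hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def triage(filename: str, data: bytes) -> dict:
    result = {"filename": filename, "outer": hashes(data), "verdict": "clean"}
    if not is_gzip(data):
        result["verdict"] = "not-gzip"
        return result
    try:
        inner = inflate_capped(data)
    except ValueError as exc:
        result["verdict"] = "suspicious: " + str(exc)
        return result
    result["inner"] = hashes(inner)
    result["claimed"] = claimed_type(filename)
    result["actual"] = sniff(inner)
    if result["actual"] == "pe":
        result["verdict"] = "malicious: executable disguised as " + result["claimed"]
    elif result["claimed"] != "unknown" and result["actual"] != result["claimed"]:
        result["verdict"] = "suspicious: content does not match claimed type"
    return result


def build_fake_pe() -> bytes:
    """Constructed minimal PE-looking blob (MZ header, e_lfanew -> 'PE\\0\\0')."""
    hdr = bytearray(0x40)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 60


# File name taken from the entry; both gzip bodies are constructed, not the real sample.
SAMPLE_NAME = "MAJW-18-06-2020 Air Waybill Receipt no 1395482082-pdf.gz"
SAMPLE_GZ = gzip.compress(build_fake_pe())
SAMPLE_PDF_GZ = gzip.compress(b"%PDF-1.4\n%%EOF\n")

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_NAME, SAMPLE_GZ), indent=2))
    print(json.dumps(triage("invoice.pdf.gz", SAMPLE_PDF_GZ), indent=2))
```

Run it on a quarantined attachment with `triage(name, open(path, "rb").read())`; the "outer" SHA256 is what you would look up in MalwareBazaar, while the "inner" hashes identify the dropped executable, which this entry lists only by family (Loki).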

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 75
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-25 12:36:07 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Note that the vendor threat name (Fareit) and the MalwareBazaar signature (Loki) differ; family names assigned by different vendors to infostealers are not always consistent, so treat the family label as a hint rather than a definitive classification.
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
  gz 3c3eb1f74b144a52de5f568360dbd57f9fc152d65e94074deec9af61435e04e0 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment