MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3db12d511a17c3a92e52da4b9ce71cd5f69637775912e31edaf3a6264e4ca409. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3db12d511a17c3a92e52da4b9ce71cd5f69637775912e31edaf3a6264e4ca409
SHA3-384 hash: 29f78e06611137cde6810181df1d70161e808889388652561e2777b7997e488f48f5bcf5284fea9e3adb326789850004
SHA1 hash: 6cae47d68c704d29b75e13ce1a3f145475d3350c
MD5 hash: 1fd50fb40fc59d5b9045dfa104b3d70c
humanhash: nebraska-hotel-music-apart
File name:TRF.00584532366.iso
Download: download sample
Signature Loki
Create hunting rule
File size:421'888 bytes
First seen:2020-07-06 05:43:56 UTC
Last seen:Never
File type: iso
MIME type:application/x-iso9660-image
ssdeep 6144:bCCCotjJ1eIvzNz9PcYri/hhaBqkrMw69/Gvqac9CWqhejQ0Xt/1J5JjT:bCNuF1eIrNOoi/heJ69MzGCWwjQN
TLSH 7694129ADB92B566D08918BB0162EA043B17F026F7BE6B17364CCC5AFB773479D80350
Reporter cocaman
Tags:iso Loki


Avatar
cocaman
Malicious email
From: a.elhawary@gulfskygroup.com
Received: from whm.dhakacom.com (whm.dhakacom.com [202.4.96.47])
Date: Mon, 06 Jul 2020 06:19:09 +0600
Subject: RE:PAYMENT ADVICE
Attachment: TRF.00584532366.iso

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-49
Create hunting rule

PUA.Win.Packer.UpxProtector-1
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3db12d511a17c3a92e52da4b9ce71cd5f69637775912e31edaf3a6264e4ca409/
Threat name:
Win32.Trojan.DelfFareIt
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 00:57:56 UTC
File Type:
Binary (Archive)
Extracted files:
88
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hwys2ui2c7b2slss3jfzzzy42x3jmn3xlejoghw26otcmtsmuqeq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

iso 3db12d511a17c3a92e52da4b9ce71cd5f69637775912e31edaf3a6264e4ca409

(this sample)

Loki

Executable exe 7c7a4a9bb34b9c0f6167e07c150c1cd48257a98d3383af09e7962a61583d014e

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7c7a4a9bb34b9c0f6167e07c150c1cd48257a98d3383af09e7962a61583d014e
  
Dropping
Loki

Comments