MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e7662653bff6a809d9ff3cd662740420f716cf2a84ca6d5f882ebe4fa674919. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e7662653bff6a809d9ff3cd662740420f716cf2a84ca6d5f882ebe4fa674919
SHA3-384 hash: 78de22b274609046509e228f40e63177c63f2f17d70e34e08859323393bbb3a7fbae1a8ecf75ad4cd34e2509f744c4fa
SHA1 hash: 03457c26c6967431b5152d7ece94f2d82995da50
MD5 hash: e3291a9d0881361fd878475d367e677b
humanhash: idaho-magazine-lemon-red
File name:FASHION CHANNEL Doc.zip
Download: download sample
Signature Loki
Create hunting rule
File size:52'475 bytes
First seen:2020-06-21 06:48:05 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 1536:4gKLKYletHz5saivJA8Pog/PNLYrI5HzwK/4PY497HQ:4gI0lzivbP1PNkrskKgPx97w
TLSH 4433026E568842B5DE57F8C37EA0F00AFB650DB4830905F4451939EE8266A76BC4744F
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: mail.fashionchannel.com.pk
Sending IP: 103.213.115.58
From: <m.owais@fashionchannel.com.pk>
Subject: FW: Our Export documents Inv- FC17-327- PI FC17-238 FASHION CHANNEL
Attachment: FASHION CHANNEL Doc.zip (contains "FASHION CHANNEL Doc.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.naKocTb-6331389-1
Create hunting rule

Win.Trojan.Autoit-7057849-0
Create hunting rule

Win.Trojan.Autoit-7057866-1
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-21 02:56:50 UTC
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hz3gezj375vibhm76pgwmj2aiihxc3hsvbgknvpyqlv6j6thjemq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 3e7662653bff6a809d9ff3cd662740420f716cf2a84ca6d5f882ebe4fa674919

(this sample)

Loki

Executable exe 6a125d4721a7e35497e41ec7670c7360c0557a32542234c7e2b0d6086a3cfcb3

  
Dropping
MD5 a6588afc5f18795d771fa1ea8580a4c8
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 6a125d4721a7e35497e41ec7670c7360c0557a32542234c7e2b0d6086a3cfcb3

Comments