MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41c5468911c4fa88b1d96c7dc4bc4db6bd7dd0dd9c71e43d578597da74d31aec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3

SHA256 hash: 41c5468911c4fa88b1d96c7dc4bc4db6bd7dd0dd9c71e43d578597da74d31aec
SHA3-384 hash: 31289d3294b46fb608ab80dacebf4a1d819d76ee09e32bc21c7ef2e3a3136759a89da0dbf463e8556cc2710dfdb36cdf
SHA1 hash: 62d64c636274b369308cf39bd5eb666e8d37b3d6
MD5 hash: 0c65294c3fb6018487918731512d1e99
humanhash: vermont-wyoming-wolfram-solar
File name: COVID-19 Relief Payment Approval.pdf.gz
Signature: Loki
File size: 197,889 bytes
First seen: 2020-05-14 07:24:23 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 3072:1puCLHLkXdRIR9kSwzyLOJZoJYa+a/RTdcbDpGRoGcg5dNypnOXQJzf5:28HLkNdz2OJqYI8MRoGcsdNypOXo
TLSH: 4F141266E5B522F99B0F76B33E44DCBAE89D4DA3C52CB948CE4B83511087B11F227493
Reporter: abuse_ch
Tags: COVID-19, geo, gz, Loki, ZAF


abuse_ch
Malspam distributing Loki:

HELO: slot0.ammeraalbeltechusa.info
Sending IP: 45.95.169.110
From: covid19fund@smmesa.gov.za
Subject: COVID-19 Relief Payment Approval (Ref: C19V202991)
Attachment: COVID-19 Relief Payment Approval.pdf.gz (contains "gunzipped")

Loki C2:
http://schelliing.com/~zadmin/b/lk/f/gate.php
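The comment above describes the lure: a gzip attachment named as a PDF that actually carries the Loki executable. The following is an added example, not code from MalwareBazaar or abuse.ch, showing how to triage such an attachment in memory: it reads the FNAME field of the gzip header without inflating anything, inflates with a size bound, classifies the payload by magic bytes rather than by name, and flags the mismatch between the claimed .pdf and the real content. The sample gzip is constructed inline from a fake MZ stub; nothing here is the real sample, and the double-extension list, the flag names and the 50 MiB inflate limit are assumptions.

```python
"""Triage a *.pdf.gz e-mail attachment without writing or running the payload.

Added example, not MalwareBazaar or abuse.ch tooling. All inputs below are
CONSTRUCTED in memory; the real sample from the page is never used.
"""
import gzip
import hashlib
import io
import struct
import zlib
from typing import Optional

# Assumption: a local policy list of "document.gz" double extensions worth flagging.
DOUBLE_EXTENSIONS = (".pdf.gz", ".doc.gz", ".docx.gz", ".xls.gz", ".xlsx.gz")

# CONSTRUCTED stand-in for a Windows executable: only the MZ magic and the
# familiar DOS-stub string, nothing that runs. It is not the real Loki binary.
FAKE_PE_STUB = b"MZ" + b"\x90" * 62 + b"This program cannot be run in DOS mode.\r\n$" + b"\x00" * 16


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def gzip_bytes(payload: bytes, member_name: str) -> bytes:
    """Wrap payload in a gzip stream whose header FNAME field records member_name."""
    buf = io.BytesIO()
    with gzip.GzipFile(filename=member_name, mode="wb", fileobj=buf, mtime=0) as gz:
        gz.write(payload)
    return buf.getvalue()


def gzip_member_name(data: bytes) -> Optional[str]:
    """Read the original filename (FNAME) from the gzip header; no decompression involved."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        return None
    flags = data[3]
    pos = 10                       # fixed header: magic(2) method(1) flags(1) mtime(4) xfl(1) os(1)
    if flags & 0x04:               # FEXTRA: 2-byte little-endian length, then the extra field
        (xlen,) = struct.unpack("<H", data[pos:pos + 2])
        pos += 2 + xlen
    if flags & 0x08:               # FNAME: NUL-terminated, latin-1 per RFC 1952
        end = data.find(b"\x00", pos)
        if end == -1:
            return None
        return data[pos:end].decode("latin-1", errors="replace")
    return None


def sniff(payload: bytes) -> str:
    """Classify the inflated payload by magic bytes, ignoring whatever the name claims."""
    if payload[:2] == b"MZ":
        return "pe"
    if payload[:5] == b"%PDF-":
        return "pdf"
    return "unknown"


def triage(attachment_name: str, data: bytes, max_inflated: int = 50 * 1024 * 1024) -> dict:
    """Inspect a .gz attachment entirely in memory and return hashes, type and flags."""
    report = {
        "attachment": attachment_name,
        "outer_sha256": sha256_hex(data),
        "member_name": gzip_member_name(data),
        "inner_type": None,
        "inner_sha256": None,
        "flags": [],
    }
    lowered = attachment_name.lower()
    if lowered.endswith(DOUBLE_EXTENSIONS):
        report["flags"].append("double-extension")
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as gz:
            inner = gz.read(max_inflated + 1)    # bounded read: a decompression bomb cannot exhaust memory
    except (OSError, EOFError, zlib.error):      # BadGzipFile is an OSError; truncation raises EOFError
        report["flags"].append("gzip-decode-error")
        return report
    if len(inner) > max_inflated:
        report["flags"].append("oversized-payload")
        inner = inner[:max_inflated]             # hash only what was inflated within the bound
    kind = sniff(inner)
    report["inner_type"] = kind
    report["inner_sha256"] = sha256_hex(inner)
    if lowered.endswith(".pdf.gz") and kind != "pdf":
        report["flags"].append("content-mismatch:" + kind)
    if kind == "pe":
        report["flags"].append("executable-payload")
    return report


if __name__ == "__main__":
    # Constructed lure: a gzip whose header names an .exe, attached under a .pdf.gz name.
    lure = gzip_bytes(FAKE_PE_STUB, "sample.exe")
    print(triage("COVID-19 Relief Payment Approval.pdf.gz", lure))
```

The inner SHA256 is the hash a defender should pivot on, since the gzip wrapper (outer hash) changes with every recompression while the dropped executable often does not; the FNAME field is a cheap early signal because the lure's packaging tool usually records the real name of the file it compressed.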

Intelligence

File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-14 07:36:44 UTC
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam: Loki
gz 41c5468911c4fa88b1d96c7dc4bc4db6bd7dd0dd9c71e43d578597da74d31aec (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment
