MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58f4881decac0c242e52e8736f9aafdd7d00ca69cf352709e601dbec63df44d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki

Vendor detections: 3


SHA256 hash: 58f4881decac0c242e52e8736f9aafdd7d00ca69cf352709e601dbec63df44d1
SHA3-384 hash: 51b52d597a3b68bb94ace43837dc2737763e7c0b813d3387c811c652999734ba164b805dbc40e74bfd6f7bc4714f9cfe
SHA1 hash: d5177c2ddd2380d9fceb26b29b2b59e90b0f863b
MD5 hash: b3fc9f230a17c2772637e9d1635b3973
humanhash: fruit-hydrogen-artist-wolfram
File name: Payment Advice_pdf.gz
Signature: Loki
File size: 357,009 bytes
First seen: 2020-06-08 05:54:34 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:6ZbFDtYORBicg1sqo2Aruv5MXmRFkWPw0hmlKy9Mf+dj:URJ13icg1sqo2AqvGyHPkUy2GF
TLSH: 5A7423EC8DAC4624118B4D627953226FFC461DFDE08CB73617FE24BF1DEBA898488915
Reporter: abuse_ch
Tags: gz HSBC Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.alrytechem.cf
Sending IP: 94.100.28.228
From: HSBC Advising Service <advising.service.69637848.2896140920@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[G30482652755] / Priority payment / Customer Ref:[4400037369].
Attachment: Payment Advice_pdf.gz (contains "EV0000.exe")

Loki C2:
http://fuscon.ga/L3/fre.php
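The abuse_ch note above carries everything a mail gateway or SIEM needs for a first check: a HELO host and sending IP unrelated to the hsbc.com domain the From: header claims, an archive named to look like a PDF that actually carries an .exe, and the Loki C2 URL. The Python below is an added example, not MalwareBazaar's or abuse_ch's code. It parses the note exactly as posted, flags the From:/HELO mismatch and the document-lookalike attachment, and runs the network IOCs over a few constructed log lines (not from the page). The registrable-domain helper uses the last two labels of a hostname instead of the public suffix list; that is an assumption that works for this entry but would misjudge domains such as example.co.uk.

```python
"""IOC checks built from the abuse_ch malspam note on this entry.

Added example, not MalwareBazaar's code. The note text is copied from the page;
the log lines at the bottom are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# The abuse_ch comment, verbatim from this entry.
MALSPAM_NOTE = """\
HELO: mail.alrytechem.cf
Sending IP: 94.100.28.228
From: HSBC Advising Service <advising.service.69637848.2896140920@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[G30482652755] / Priority payment / Customer Ref:[4400037369].
Attachment: Payment Advice_pdf.gz (contains "EV0000.exe")

Loki C2:
http://fuscon.ga/L3/fre.php
"""


def parse_note(text):
    """Parse the 'Key: value' lines of the note plus the C2 URL that follows 'Loki C2:'."""
    iocs = {}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for i, line in enumerate(lines):
        key, sep, value = line.partition(": ")
        if sep:
            iocs[key.lower()] = value
        elif line.lower().endswith("c2:") and i + 1 < len(lines):
            iocs["c2"] = lines[i + 1]
    return iocs


def sender_domain(from_header):
    """Domain of the address in a From: header, e.g. mail.hsbcnet.hsbc.com."""
    m = re.search(r"<?([^<>\s]+)@([^<>\s]+)>?$", from_header)
    return m.group(2).lower() if m else None


def registrable(domain):
    """Last two labels as a stand-in for eTLD+1 (assumption: no public suffix list)."""
    return ".".join(domain.lower().split(".")[-2:])


def spoofed_sender(from_header, helo):
    """True when the From: domain and the HELO host do not share a registrable domain."""
    d = sender_domain(from_header)
    return d is not None and registrable(d) != registrable(helo)


ARCHIVE_EXT = (".gz", ".zip", ".rar", ".7z", ".iso")
DOC_HINTS = ("pdf", "doc", "docx", "xls", "xlsx")
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".js", ".vbs")


def masquerading_attachment(attachment_field):
    """True for an archive named like a document, or one that contains an executable.

    Accepts the note's form 'Payment Advice_pdf.gz (contains "EV0000.exe")' or a bare name.
    """
    m = re.match(r'(.+?)\s*\(contains "([^"]+)"\)', attachment_field)
    outer, inner = (m.group(1), m.group(2)) if m else (attachment_field, "")
    name = outer.lower()
    doc_lookalike = name.endswith(ARCHIVE_EXT) and any(
        f"_{h}." in name or f".{h}." in name for h in DOC_HINTS)
    return doc_lookalike or inner.lower().endswith(EXEC_EXT)


def match_log(iocs, log_lines):
    """(line number, indicator) for every log line containing a network IOC from the note."""
    c2 = urlparse(iocs["c2"])
    needles = {
        "sending_ip": iocs["sending ip"],
        "helo": iocs["helo"],
        "c2_host": c2.hostname or "",
        "c2_path": c2.path,
    }
    hits = []
    for n, line in enumerate(log_lines, 1):
        low = line.lower()
        hits.extend((n, label) for label, needle in needles.items()
                    if needle and needle.lower() in low)
    return hits


# Constructed sample log lines (not from the page): an SMTP connect from the
# sending host, a proxy line for the C2 check-in, and a benign connect.
SAMPLE_LOGS = [
    "postfix/smtpd[1234]: connect from mail.alrytechem.cf[94.100.28.228]",
    "10.0.0.7 TCP_MISS/404 GET http://fuscon.ga/L3/fre.php - HIER_DIRECT/fuscon.ga",
    "postfix/smtpd[1235]: connect from mx1.example.net[203.0.113.5]",
]

if __name__ == "__main__":
    iocs = parse_note(MALSPAM_NOTE)
    print("spoofed sender:", spoofed_sender(iocs["from"], iocs["helo"]))
    print("masquerading attachment:", masquerading_attachment(iocs["attachment"]))
    for n, label in match_log(iocs, SAMPLE_LOGS):
        print(f"log line {n}: {label}")
```

The substring matching in match_log is deliberately loose so that both a Postfix connect line and a proxy access line hit; in production you would anchor the IP and host matches on field boundaries to avoid a /16 neighbour or a longer hostname triggering the rule.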

Intelligence

File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 05:56:07 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    zip 58f4881decac0c242e52e8736f9aafdd7d00ca69cf352709e601dbec63df44d1 (this sample)
    Dropping: Loki

Delivery method: Distributed via e-mail attachment

Comments