MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61847ea9c0b16bf4490794fa4bb8ba0fb7c32873c962259490fb8851fb8a2f10. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 61847ea9c0b16bf4490794fa4bb8ba0fb7c32873c962259490fb8851fb8a2f10
SHA3-384 hash: 4eec09d540f51973769f1b48443b55b0c2135afa13def648aa9c6e037afb1a2b432f205b22a882d820a91eead8756c83
SHA1 hash: 7a29c46d8e01c9db395ba7d6b52ecbfc74992527
MD5 hash: dcda9004dc253b305a827055446bfcb2
humanhash: tennis-iowa-double-yankee
File name: Request For Quotation_PDF.iso
Signature: Loki
File size: 482'783 bytes
First seen: 2020-07-13 07:04:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 12288:QtERYjvmk/v+vquQsb2/lTGrZuYYF4Yw6Irvnuc0:8Emjvm5vqtskJgZ44YwJn70
TLSH EDA4235CE7F396BBDE1610CC6CD7D34C16C8DFB20B469E50C39750EA205BAA366A48C5
Reporter: abuse_ch
Tags: iso, Loki


abuse_ch
Malspam distributing Loki:

HELO: slot0.gordonjamese.com
Sending IP: 45.95.169.162
From: Paulina Mintus <info@gordonjamese.com>
Subject: Request For Quotation RQ17000721
Attachment: Request For Quotation_PDF.iso (contains "Request For Quotation.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-13 02:17:14 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 61847ea9c0b16bf4490794fa4bb8ba0fb7c32873c962259490fb8851fb8a2f10

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
