MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86a4c4213200b58cec167cbfa33e1c548578ae0e4dca41deda3a1ec1d32db0ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 3

SHA256 hash: 86a4c4213200b58cec167cbfa33e1c548578ae0e4dca41deda3a1ec1d32db0ba
SHA3-384 hash: 1e2cdbbee1ed0d0c7ed6af36d2b4fcb1d8212bef6e9d72cbd7d48f2a870a8fd949c8ad5afec8aafc4c805e13f0ab947f
SHA1 hash: 687282e691ca446e131c5cfa98238b9b657d0def
MD5 hash: d5fb1aad8ce33e116c2868159fd24d7e
humanhash: social-vermont-finch-snake
File name: Payment Advice.gz
Signature: Loki
File size: 352'158 bytes
First seen: 2020-06-29 06:09:46 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:/tRSVroeMd+axbwfg4gQ0X87sK+gVLf7arqNcek+NtA21OG3YXxMLxpf/uzBnQW:/tcNo5saxb0g4tz78aLf+unk+nAgYXSk
TLSH: 3B7423F7CCF7D2F1ABB266DA9A04B59C43A9117C6A6AC301A14E3D4BC542C5C4B7F280
Reporter: abuse_ch
Tags: gz HSBC Loki


abuse_ch
Malspam distributing Loki:

HELO: staging.maykenbel.com
Sending IP: 195.12.49.182
From: HSBC Bank <advising.service.45111388.809972.2660902352@mail.hsbcnet.hsbc.com>
Subject: Payment Advice - Advice Ref:[GLV114306747] / ACH credits / Customer Ref:[2020011021190201BND] / Second Party Ref:[]
Attachment: Payment Advice.gz (contains "Payment Advice.exe")

Loki C2:
http://rastaturin.gallery/smart/Panel/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-29 06:11:07 UTC
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery: Malspam
Signature: Loki
Sample: gz 86a4c4213200b58cec167cbfa33e1c548578ae0e4dca41deda3a1ec1d32db0ba (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments