MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86fa1d7cca4cf76579836edfa6c8a7cc8daafdad85ea8e8cbf052eab2a899055. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: 86fa1d7cca4cf76579836edfa6c8a7cc8daafdad85ea8e8cbf052eab2a899055
SHA3-384 hash: d757978741e429a0e712e5d9d5ea016cb7511819a39d2d65f4e0ae136cba61f3f4598ffd26dd381830c6a854c4a3dad5
SHA1 hash: 29df65998799faf6fcbd68fbca78d2c3019e1760
MD5 hash: b7eed4bc1c4e01f156f6a31bba7a6b4e
humanhash: arkansas-foxtrot-bravo-happy
File name: INVOICE-001158AWB_pdf..arj
Signature: Loki
File size: 427'938 bytes
First seen: 2020-04-29 17:57:41 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:kPZqN5QXKKpNLLfUk0FU4aPhFwtBLV1Ow0:kPoNeKa3GFU4aPhFKtfj0
TLSH: B194230C60B13A0836560720E150A6776734F11FA8C635BFE5D3EBBF5E6B4B84A7849E
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: host.cardiglogistics.com
Sending IP: 207.148.117.51
From: choi.jy@jinyangshipping.co.kr
Subject: Invoice Approval Status
Attachment: INVOICE-001158AWB_pdf..arj (contains "INVOICE-001158AWB_pdf..exe")

Loki C2:
http://oneflextiank.com/crazy/five/fre.php

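The indicators above (hashes, attachment names, C2 URL, HELO and From: headers) are the raw material of a triage checklist. The block below is an added example, not code from MalwareBazaar or abuse.ch, that turns them into runnable checks: hash matching against this entry, a double-extension lure detector for names like INVOICE-001158AWB_pdf..exe, a magic-byte sniff that compares an attachment's real container with its extension (this entry is named .arj but typed application/zip), a splitter for the C2 URL, and a HELO/From: domain comparison. The extension and document-token tables, the magic-byte table and all sample bytes are this example's own assumptions, and the heuristics are signals to review, not verdicts.

```python
# Added example, not MalwareBazaar's or abuse.ch's code. Only the hashes, names,
# C2 URL and mail headers come from the entry; every heuristic table and all
# sample bytes below are assumptions constructed for this example.
import hashlib
from urllib.parse import urlparse

# Indicators copied verbatim from this MalwareBazaar entry.
KNOWN_HASHES = {
    "sha256": "86fa1d7cca4cf76579836edfa6c8a7cc8daafdad85ea8e8cbf052eab2a899055",
    "sha1": "29df65998799faf6fcbd68fbca78d2c3019e1760",
    "md5": "b7eed4bc1c4e01f156f6a31bba7a6b4e",
}
LOKI_C2 = "http://oneflextiank.com/crazy/five/fre.php"
ATTACHMENT_NAME = "INVOICE-001158AWB_pdf..arj"
INNER_NAME = "INVOICE-001158AWB_pdf..exe"
MAIL_HELO = "host.cardiglogistics.com"
MAIL_FROM = "choi.jy@jinyangshipping.co.kr"

# Heuristic tables: assumptions of this example, extend to taste.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOC_TOKENS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
ARCHIVE_MAGIC = {
    b"\x60\xea": "arj",        # ARJ header id bytes
    b"PK\x03\x04": "zip",      # ZIP local file header
    b"Rar!\x1a\x07": "rar",    # common prefix of RAR4 and RAR5 signatures
}

def digest_sample(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests, the three hashes this entry publishes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def matches_known_sample(data: bytes) -> bool:
    """True only if the bytes hash to this entry's SHA256; MD5/SHA1 are weaker
    and only worth consulting when that is all a vendor alert gives you."""
    return digest_sample(data)["sha256"] == KNOWN_HASHES["sha256"]

def is_disguised_executable(name: str) -> bool:
    """Flag 'INVOICE_pdf..exe' / 'invoice.pdf.exe' style names: an executable
    extension sitting behind a document-looking token (dots or underscores)."""
    parts = [p for p in name.lower().replace("_", ".").split(".") if p]
    if len(parts) < 3 or parts[-1] not in EXEC_EXTS:
        return False
    return any(tok in DOC_TOKENS for tok in parts[1:-1])

def sniff_container(data: bytes):
    """Archive type from magic bytes, or None; never trust the extension."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return kind
    return None

def extension_matches_content(name: str, data: bytes) -> bool:
    """Does the last extension agree with the magic bytes? This entry is named
    .arj but typed application/zip by the site, so a sniff settles it."""
    ext = name.rsplit(".", 1)[-1].lower()
    return sniff_container(data) == ext

def c2_indicators(url: str) -> dict:
    """Split a C2 URL into the pieces you would block or hunt on separately."""
    p = urlparse(url)
    return {"host": p.hostname, "path": p.path,
            "panel_script": p.path.rsplit("/", 1)[-1]}

def helo_sender_mismatch(helo: str, sender: str) -> bool:
    """Weak spoofing signal: the HELO host is not under the From: domain."""
    domain = sender.rsplit("@", 1)[-1].lower()
    helo = helo.lower()
    return not (helo == domain or helo.endswith("." + domain))

def triage(name: str, data: bytes, helo: str, sender: str) -> dict:
    """Run every check above on one attachment plus its mail envelope."""
    return {
        "known_sample": matches_known_sample(data),
        "container": sniff_container(data),
        "extension_ok": extension_matches_content(name, data),
        "disguised_exe": is_disguised_executable(name),
        "helo_mismatch": helo_sender_mismatch(helo, sender),
    }

if __name__ == "__main__":
    # Constructed stand-in: an ARJ header marker plus filler, not the real sample.
    fake_arj = b"\x60\xea" + b"\x00" * 30
    print(triage(ATTACHMENT_NAME, fake_arj, MAIL_HELO, MAIL_FROM))
    print("inner file disguised:", is_disguised_executable(INNER_NAME))
    print("C2 parts:", c2_indicators(LOKI_C2))
```

Running it against a constructed ARJ-headed blob reports the archive as .arj with a matching extension, no hash match (the real bytes are not embedded here), and a HELO/From: mismatch; the inner INVOICE-001158AWB_pdf..exe name trips the lure check while the outer .arj name does not, since the archive itself is not executable. Feed the same checks the real download and a zip-typed result for a .arj name is exactly the discrepancy to note before unpacking.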
Intelligence

File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-04-28 21:47:24 UTC
File Type: Binary (Archive)
Extracted files: 39
AV detection: 29 of 48 (60.42%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery chain:
  Malspam
  -> Loki
  -> zip 86fa1d7cca4cf76579836edfa6c8a7cc8daafdad85ea8e8cbf052eab2a899055 (this sample)
  -> Dropping Loki

Delivery method: Distributed via e-mail attachment