MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 892170f0a21df7c9088243c81ac426da7b6452daab80d1beda575be5e320c555. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 892170f0a21df7c9088243c81ac426da7b6452daab80d1beda575be5e320c555
SHA3-384 hash: 861631c228a99c5e2863186ba024092a804d1fe47a66f6bd43f3f8b30ca5fa016e979c02f9ef5acecdd107fff721c21b
SHA1 hash: 0b70e3d4670bedb6db5122f7cfa07afad6f53781
MD5 hash: e82c898f91b8af379c7156575420519e
humanhash: oven-cat-stairway-hydrogen
File name: payment_voucher.zip
Signature: Loki
File size: 219'494 bytes
First seen: 2020-06-25 12:40:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:u+zUeOhSpfwga0Vyh2c5nE/zelcwZd4h7QDO3v0gX:u+zlRXaeyhyKlcwAt/0gX
TLSH: 812422EDB081EB58CE859F19E166F944712C0F1AE39285B13025AB5B0EF3062CBF9657
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: cun23.com
Sending IP: 45.127.62.110
From: antonio@mendenhall.gq
Subject: Notice Payment to Suppliers
Attachment: payment_voucher.zip (contains "payment_voucher.exe")

Loki C2:
http://beckhoff-th.com/kon/kon1/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-25 13:53:41 UTC
AV detection: 31 of 48 (64.58%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 892170f0a21df7c9088243c81ac426da7b6452daab80d1beda575be5e320c555 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments