MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 90d3be6c036c2c0295fb424578f3b40851d059c89215a798054582c8ef74bacd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: 90d3be6c036c2c0295fb424578f3b40851d059c89215a798054582c8ef74bacd
SHA3-384 hash: 31002ed1e522e4a213bbe652f5385e95d326af5772071ae85ac249445ceb4d75b8c051ece2161549c4eb4832130f3dec
SHA1 hash: ab90be4468d705eb245448c08ed121e29c34f18a
MD5 hash: 970fe47d2c5de485d5d0edec04be7906
humanhash: spaghetti-hot-oscar-undress
File name: REVISED_W37801235.arj
Signature: Loki
File size: 309'378 bytes
First seen: 2020-07-09 08:28:18 UTC
Last seen: Never
File type: arj
MIME type: application/x-rar
ssdeep: 6144:KA570x4mKpFrLcVCUdpVcgFPfGNHVdfv7isnEbXt0J+QSFVSIWpuAINomrGU/jnL:p570opFHZyNdfGNfbisnMmJRsStFIK7Q
TLSH: D16423F934B716A43354E028744F307A7CB1723A980C071C7AC68659A6BD6DEB4FE4B9
Reporter: abuse_ch
Tags: arj, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail.csepower.com
Sending IP: 118.163.45.46
From: <seli.orant@yahoo.com>
Subject: NEW REQUIREMENT // REVISED
Attachment: REVISED_W37801235.arj (contains "W37801235_REVISEDexe")

Loki C2:
http://abidjiaintl.ml/sethr/logs/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-09 08:30:07 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

arj 90d3be6c036c2c0295fb424578f3b40851d059c89215a798054582c8ef74bacd (this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
