MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d3a644d403ac64e49ee7c5092bac8dd80ac73f158ac74fff650b3f7a321c05c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 9d3a644d403ac64e49ee7c5092bac8dd80ac73f158ac74fff650b3f7a321c05c
SHA3-384 hash: 5267c1db0728cd964f709fffe6bc51e1a4c702b8539261bdd2249c9fbe4fe4bb79addbe3d222e399a4f30f7e495e01f5
SHA1 hash: d96981c4328b9fb962fb8fd8b85cf42df2130e29
MD5 hash: 1f75a1b576a6880a48191547ed641d77
humanhash: london-queen-speaker-yankee
File name: 0211.cab
Signature: Loki
File size: 385'421 bytes
First seen: 2020-08-27 08:10:07 UTC
Last seen: Never
File type: cab
MIME type: application/vnd.ms-cab-compressed
ssdeep: 6144:1TnxkZijQZlh8NuXgujq7MNskdvqENAKSSbIhdSRmEA3LkF3J95WFY:1eiMZLgouMNsKZAHSbIbB34FZ9V
TLSH: 1884236FE5B5D279DD9201FEA10C7838794948C7ACE9FC04E03E5BC581AA8853BEED44
Reporter: abuse_ch
Tags: cab, Loki


abuse_ch
Malspam distributing Loki:

HELO: mail-smail-vm34.hanmail.net
Sending IP: 203.133.181.14
From: 이상훈 배상 <hjg0351@daum.net>
Subject: 요청자료목록
Attachment: 0211.cab (contains "PO.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 71
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-27 08:12:07 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

cab 9d3a644d403ac64e49ee7c5092bac8dd80ac73f158ac74fff650b3f7a321c05c

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
