MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2c210bc0a93a0020d9ab7d164dd21ca83132f4698454007c5ba1537783f5f05. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: a2c210bc0a93a0020d9ab7d164dd21ca83132f4698454007c5ba1537783f5f05
SHA3-384 hash: 5893f2c18ceb15aee2fc314c424cc405d97ebb018ae404c486bd561950effe29df9e07fdc7c509cc657e55d576b62170
SHA1 hash: bd025c863be3d3e34f2acbb02a94d0740b67d90f
MD5 hash: 503f99cca712608310319d80101d7d42
humanhash: winter-oklahoma-india-equal
File name: GN-900039357.gz
Signature: Loki
File size: 356'925 bytes
First seen: 2020-06-08 06:07:09 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:Wm+swf8i6uLmHR4j/sFAmSCAHZ8KR3V2FtZE8UDos2H2+R6zP:WJP6uqsmiZ8KRlSqDofNRO
TLSH: E47423E11AB58CBBF09847359B6A0C8E512C5CEF2856C60B1349F1FBBE6F144F455906
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: spindigital.servers.prgn.misp.co.uk
Sending IP: 185.52.25.7
From: PT. Mitratani <mitrataniduatujuh.gp@gmail.com>
Subject: Proforma invoice June 2020 [1st shipment]
Attachment: GN-900039357.gz (contains "GN-900039357.exe")

Loki C2:
http://chosunshippinq.com/three/gates2/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 63
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 06:09:04 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip a2c210bc0a93a0020d9ab7d164dd21ca83132f4698454007c5ba1537783f5f05 (this sample)

Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments