MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a43336d3a04f84125f7603032b543cdb794fe98f2b3e44dca0c3f241a83abc79. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 3


SHA256 hash: a43336d3a04f84125f7603032b543cdb794fe98f2b3e44dca0c3f241a83abc79
SHA3-384 hash: f0f7e84be3d857ae25bab769c4f571fb9ff4f54e2ed1e7154176f7479383ae7b3efc33528fdd1922bcb4639ac989e6a4
SHA1 hash: 8de9e8419666b5d1dc979964eaf0eea349a527f5
MD5 hash: 4e07df2c057c3f144decf9af3409c471
humanhash: asparagus-pluto-texas-may
File name: Invoice-MAJW-18-06-2020.PDF.gz
Signature: Loki
File size: 348'503 bytes
First seen: 2020-06-18 06:16:15 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 6144:wsojWjOtOXNkh1nEOyW6aHnnGtNPUJk9nKUy//NnFxU/7ReFUD:wseOXSfdZHn6umnKX/VnueFO
TLSH: 40742367B5BE33B02D48AA0DD15A26DAD04F8D8460CABCFDC0F0A5B4906C645BAF5DD3
Reporter: abuse_ch
Tags: gz Loki


abuse_ch
Malspam distributing Loki:

HELO: yugana.daxa.net
Sending IP: 111.221.42.94
From: SF SHIPPMENT INC © <triyani@dskusuma.com>
Subject: 通过SFExpress生成的电子发票_Invoice-MAJW-18-06-2020 : Air Waybill no 1395482082
Attachment: Invoice-MAJW-18-06-2020.PDF.gz (contains "Invoice-MAJW-18-06-2020.PDF.exe")

Loki C2:
http://purinex.co.id/k2/Panel/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-18 06:18:08 UTC
AV detection: 36 of 48 (75.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Loki
gz a43336d3a04f84125f7603032b543cdb794fe98f2b3e44dca0c3f241a83abc79 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments