MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aed11b205e13086fbf9d216cb57eb4865de0384a7941866ed87c2dd6e6bbc6f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aed11b205e13086fbf9d216cb57eb4865de0384a7941866ed87c2dd6e6bbc6f7
SHA3-384 hash: 5f1913dbde84f4698a283687bf20330ef427c49916885797ed610c770ba72dbe215d915a624c8267dcc8fe23adb1138f
SHA1 hash: 2f1c7e0781edece42909a56d1c924f6d97b163a0
MD5 hash: 935d236de3bdb05d25fad76f8e62f624
humanhash: jupiter-music-carbon-diet
File name:TT Copy.zip.zip
Download: download sample
Signature Loki
Create hunting rule
File size:198'474 bytes
First seen:2020-07-10 07:00:21 UTC
Last seen:2020-07-10 07:37:39 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:xHSaNaYxcyF+DlofSH/M8jhakARPvX9tKeS:xyaN9ccgH4bRnG/
TLSH 691412BC3F080DD2CA58F46DDABE61797941042D16E98901F185E9E421B6EF3CCCA1AF
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: utopia.herosite.pro
Sending IP: 103.108.220.126
From: h.osman@jeanplastllc.com
Subject: Receipt (USD 23,306.85)-Dai ichi Balance Final Payment
Attachment: TT Copy.zip.zip (contains "TT Copy.exe")

Intelligence

File Origin
# of uploads :
2
# of downloads :
70
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.20814.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aed11b205e13086fbf9d216cb57eb4865de0384a7941866ed87c2dd6e6bbc6f7/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-10 07:02:08 UTC
File Type:
Binary (Archive)
Extracted files:
2
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=v3irwic6cmeg7p45efwlk7vuqzo6aockpfaym3wypqw5nzv3y33q._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip aed11b205e13086fbf9d216cb57eb4865de0384a7941866ed87c2dd6e6bbc6f7

(this sample)

Loki

Executable exe a749be2de66fdb6e7705ce0bffe10f4d134345d2af814f258fdd2b863b12694b

  
Dropping
MD5 220ad313de9cde3b09da63a4f8ce5646
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a749be2de66fdb6e7705ce0bffe10f4d134345d2af814f258fdd2b863b12694b

Comments