MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6994149efa11af2a9927b01392238774cda3820d58e476811c1b8cefc2c8d43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6994149efa11af2a9927b01392238774cda3820d58e476811c1b8cefc2c8d43
SHA3-384 hash: 6f783167465f08c0b679e3d61935f5158127bed6c9890211d97d060a7ce1fef252f9f61d3bb2b997cd9c31258c7e0569
SHA1 hash: 29e20182a8d62996ad65157084547ad3cf19fb92
MD5 hash: a42fb3c67ba716f4ececeeec839e4378
humanhash: maine-beryllium-wyoming-red
File name:SWIFT_pdf..arj
Download: download sample
Signature Loki
Create hunting rule
File size:332'290 bytes
First seen:2020-07-20 02:14:41 UTC
Last seen:2020-07-22 09:44:37 UTC
File type: zip
MIME type:application/zip
ssdeep 6144:HAoIvPX6VRQyhq/ec11TP8uYAvRavwQSo/vz1w17zPNnmCEzV7VfLOkpmE:HAoYi/Qyhq2KNFYAv8vwQSqU9dCXO+mE
TLSH 5F6423AC8AF9A20C4D3759E37F61AB3427221B30850EDB5B86603C6DB44648D75BE7C7
Reporter jarumlus
Tags:Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.BorlandDelphi-15
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Sanesecurity.Malware.24397.ZipHeur.UNOFFICIAL
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6994149efa11af2a9927b01392238774cda3820d58e476811c1b8cefc2c8d43/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 02:16:30 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=w2mucsppuenpfkmspmatsiryo5gnuoba2wheo2aryg4m57bmrvbq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.26
Link:
https://yomi.yoroi.company/submissions/b6994149efa11af2a9927b01392238774cda3820d58e476811c1b8cefc2c8d43

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip b6994149efa11af2a9927b01392238774cda3820d58e476811c1b8cefc2c8d43

(this sample)

Loki

Executable exe badaa42576167c5144d69e80a99203a44642e5bab069e197dbff57a8b05c1474

  
Dropped by
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 badaa42576167c5144d69e80a99203a44642e5bab069e197dbff57a8b05c1474
  
Dropping
MD5 0942d3b992ed8dbfc5860702d265f5e5

Comments