MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b932dfe2ef6b0cc85c2e3c5806cd6797def1b976855051f4de62143a9d1a07ef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: b932dfe2ef6b0cc85c2e3c5806cd6797def1b976855051f4de62143a9d1a07ef
SHA3-384 hash: 71fee34c2a146d68c2893d472098029913a45442a4709de11bb87567ced5e28d00b62fc95198102246d71e28ae8d9576
SHA1 hash: 74955299f01b9f247fb4dc09916c4fa00498ba70
MD5 hash: 376d76ec3e0c72a7f5755eb576d8e218
humanhash: winner-crazy-mockingbird-yellow
File name: Zitat-scanned-new.img.uv.zip
Signature: Loki
File size: 400'484 bytes
First seen: 2020-10-22 16:25:04 UTC
Last seen: 2020-10-23 09:04:39 UTC
File type: zip
MIME type: application/zip
ssdeep 12288:Xh16UoDunu40dGmOb8wYxPbx8bfdX/cxxPu:R1mDuulBz9jebfdUq
TLSH 7184236C1ADF37B5B7A7D23318859CA8B648DCE5E0E25160CBCB358313A5647AD2E334
Reporter: abuse_ch
Tags: Loki, zip


abuse_ch
Malspam distributing Loki:

HELO: jktd3khmail02v.cloudkilat.me
Sending IP: 103.43.47.239
From: Thomas Wehrle <daniel@lang.net>
Reply-To: Rasius Makselis <cora@bbcouture.ca>
Subject: Quotation
Attachment: Zitat-scanned-new.img.uv.zip (contains "Zitat-scanned-new.img.uv.exe")

Intelligence


File Origin
# of uploads: 18
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-10-22 13:21:49 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip b932dfe2ef6b0cc85c2e3c5806cd6797def1b976855051f4de62143a9d1a07ef

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments