MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba4e51e9535c3549e376a6b83981e54cd9852d7b8ee7f1644f4eab27a315494c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ba4e51e9535c3549e376a6b83981e54cd9852d7b8ee7f1644f4eab27a315494c
SHA3-384 hash: 533b77b4819df3450535cfce2caf424f79b46ff48c4e0679988fb511a716283f2914047e02af9d83517b24fde7605223
SHA1 hash: 2f0fe4def8ef22ec378befabced2f9525a4dd0e6
MD5 hash: aa061caee92bdf88b5cd26193a5b96c2
humanhash: enemy-nevada-winner-emma
File name:ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ 20-7-2020_pdf.rar
Download: download sample
Signature Loki
Create hunting rule
File size:336'416 bytes
First seen:2020-07-20 11:20:39 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:1cy/R2uUWFrizWMuimfadJ1yR9D00qx1aM2IZ7wsQfPrIjBYHDyGBJo4R:CwR2mFrNJfyDC9D0gFf7Wqes9R
TLSH B1642338BB2C50DCB87771138DD87C94609DD5EB6EB000E6F259A76DEC117A7ECA408A
Reporter abuse_ch
Tags:geo GRC Loki rar


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ns426.easy.gr
Sending IP: 46.4.157.247
From: Αριστοτέλειο Πανεπιστήμιο Θεσσαλονίκης <webmaster@auth.gr>
Subject: ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ (Αριστοτέλειο Πανεπιστήμιο Θεσσαλονίκης) EUI894/BU4633
Attachment: ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ 20-7-2020_pdf.rar (contains "ΑΙΤΗΣΗ ΓΙΑ ΠΡΟΣΦΟΡΑ 20-7-2020_pdf.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ba4e51e9535c3549e376a6b83981e54cd9852d7b8ee7f1644f4eab27a315494c/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-20 11:22:06 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xjhfd2ktlq2uty3wu24dtapfjtmykll3r3t7czcpj2vspiyvjfga._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
0.66
Link:
https://yomi.yoroi.company/submissions/ba4e51e9535c3549e376a6b83981e54cd9852d7b8ee7f1644f4eab27a315494c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar ba4e51e9535c3549e376a6b83981e54cd9852d7b8ee7f1644f4eab27a315494c

(this sample)

Loki

Executable exe a635acd4b0cb9991132c208b9be22400ce1d9a6d6fced1b95f975ca2e23f7471

  
Dropping
MD5 db66cdbd23982cd67240846997a042b4
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 a635acd4b0cb9991132c208b9be22400ce1d9a6d6fced1b95f975ca2e23f7471

Comments