MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4a44aa6e713d09221f222f86563873c169f01457ee474bea6030b9d1d3021cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki
Vendor detections: 4


SHA256 hash: c4a44aa6e713d09221f222f86563873c169f01457ee474bea6030b9d1d3021cc
SHA3-384 hash: f1a3f349aea44c698d4f171c15a0de6c13a295c610d3f9e50c994fe96df8df4d6c66980a5bf880987abd99daeca7500d
SHA1 hash: 679bacf089c72109cb4687983935915d36001e13
MD5 hash: b9339195bbd92cd4251c0ddf9a2064e4
humanhash: edward-purple-nitrogen-whiskey
File name: INVOICE_JS2202000000512_JSV2202000000603_PAST_DUE.zip
Signature: Loki
File size: 415'500 bytes
First seen: 2020-08-06 06:34:37 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:P2ILT2nU0RV1rrk1BqPDgpllvk4QNpOiBBnbB7r:TT2UUj4BIN44bJr
TLSH: E094231EEC62EA21475977A6EE24B79049ABC6B12F4C7C1A32418CCF5D02BC69533FC1
Reporter: abuse_ch
Tags: Loki zip


abuse_ch
Malspam distributing Loki:

HELO: sh5.megahost.kz
Sending IP: 45.136.59.178
From: info@smp-service.kz
Subject: *Overdue* urgent payment follow up-2nd Reminder- PO TG20100009
Attachment: INVOICE_JS2202000000512_JSV2202000000603_PAST_DUE.zip (contains "INVOICE_JS2202000000512_JSV2202000000603_PAST_DUE.exe")

Loki C2:
http://sieqwarteg.com/chief/chief2/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-08-06 06:36:06 UTC
AV detection: 27 of 48 (56.25%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam -> Loki -> zip c4a44aa6e713d09221f222f86563873c169f01457ee474bea6030b9d1d3021cc (this sample) -> Dropping -> Loki

Delivery method: Distributed via e-mail attachment

Comments