MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c51959e354e6c672fc0d77beb0a2be87def915eef60de7581379bf6709702e81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3



SHA256 hash: c51959e354e6c672fc0d77beb0a2be87def915eef60de7581379bf6709702e81
SHA3-384 hash: 507fa37b768e1232e52cde6efbb2699db2c3998e97f39f0c97f0ed0437ba68cc00a366d22f13e42a17c489cd163e6f7b
SHA1 hash: c05d0b47c5a60c97b495fa2842ead793b61d4a63
MD5 hash: 6102d8097f44c8e160a078f6fbfa5db8
humanhash: hydrogen-beer-neptune-indigo
File name: URGENT P01954815 PRSP101020 ISSUANCE OF PURCHASE ORDER PO.arj
Signature: Loki
File size: 199'048 bytes
First seen: 2020-07-08 07:14:50 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:NuT/gWHTIWVaA2LYn5WSVo/T0R1/pDyzGMbCTHELU5UbZlaZ05:NuTIWhVaA2e5Wa2T0/5QGMbCT5Udlau5
TLSH: 4D1412B721582E3EF7D509A50C8281D66B381DCF029AA6778875AFD31C7E13A2D0572E
Reporter: abuse_ch
Tags: arj Loki


abuse_ch
Malspam distributing Loki:

HELO: 104-168-101-22-host.colocrossing.com
Sending IP: 104.168.101.22
From: haig@haig.cc
Subject: Re: Request for Quotation_PR#PS-AVP2-202098.in
Attachment: URGENT P01954815 PRSP101020 ISSUANCE OF PURCHASE ORDER PO.arj (contains "BHO4nbXgyZS1UQe.exe")

Loki C2:
http://t-mk.me/ig2/fre.php

Intelligence

File Origin
# of uploads: 1
# of downloads: 79
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-08 07:16:11 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Malspam: Loki
  zip c51959e354e6c672fc0d77beb0a2be87def915eef60de7581379bf6709702e81 (this sample)
Dropping: Loki
Delivery method: Distributed via e-mail attachment

Comments