MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e2f9b819b6e934f67958975922f9093213e4ac085a5dad5324da885767c506b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e2f9b819b6e934f67958975922f9093213e4ac085a5dad5324da885767c506b3
SHA3-384 hash: ad9accebd3c00d735aa98cbf385df226801fb55d3578082978c87479d3f2c455f039172d9f4bd9846e2dfbe8644a3403
SHA1 hash: 5ae2a24af1248b12c6437901966acd890d7a6ff8
MD5 hash: 9e755f72bbe79dfa74dd53527f4a742e
humanhash: coffee-avocado-oxygen-early
File name:Quotation_71042780 Request.rar
Download: download sample
Signature Loki
Create hunting rule
File size:377'706 bytes
First seen:2021-03-09 15:48:34 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 6144:K5B5HVFVpe3WiEACxe8AkXKRSxljQD7mOgkWfwecKwIgNbBN0C6c5WVf086//XGf:K5FFze3QlxDAkXKRMivm2WfwiwIgN7o1
TLSH 1A8423B0A9FC6A67C472B04205975B31CC4F4F92EB83E56D10FFA6609DE4A91B042ED6
Reporter abuse_ch
Tags:rar


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.aav.local
Sending IP: 213.154.48.68
From: Biofabrik Refinery GmbH <mohamedha@aav.com.eg>
Subject: URGENT QUOTATION REQUEST
Attachment: Quotation_71042780 Request.rar (contains "Quotation_71042780 Request.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-03-09 15:49:07 UTC
AV detection:
19 of 47 (40.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4l43qgnw5e2pm6kys5msf6ijgij6jlailjo22uze3kefoz6fa2zq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e2f9b819b6e934f67958975922f9093213e4ac085a5dad5324da885767c506b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

rar e2f9b819b6e934f67958975922f9093213e4ac085a5dad5324da885767c506b3

(this sample)

Loki

Executable exe 37d995fa34e22498b1823b9b98edb207014357a673f21b560be3f2b65cb8ef10

  
Dropping
MD5 eed4d178cbab3caba57826254934d69c
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 37d995fa34e22498b1823b9b98edb207014357a673f21b560be3f2b65cb8ef10

Comments