MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0a0be0758348985361b10033d297d2d2b3244b3989bf292545014e08a35dd86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: f0a0be0758348985361b10033d297d2d2b3244b3989bf292545014e08a35dd86
SHA3-384 hash: 11ccc9e33ab2132a1e9f24dacdd1d3a33853010592820b79a922caaee58709a62cc7326007b1bc66680c5523307083cc
SHA1 hash: f3b6ac12a9d6eb2db40a7d905a97a88f6f959190
MD5 hash: da18bd8764bf1b99189d6abe9021ea38
humanhash: michigan-lion-mississippi-berlin
File name: FZC-11573.gz
Signature: Loki
File size: 356'973 bytes
First seen: 2020-06-08 05:54:00 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:MXFRaV6K+83QEy33WiKdhJrEFsrf7glHaXHH4HOa3/uvXWGQMuCYK:MVR5h83Py3mzWFOD3OqXQMzJ
TLSH: 617423E63175BDCFD34115D3C3CAC3416A596AE4DAAEDF9E2BDC422BAC16C220685073
Reporter: abuse_ch
Tags: gz, Loki


abuse_ch
Malspam distributing Loki:

HELO: 94-100-28-224.static.hvvc.us
Sending IP: 94.100.28.224
From: Liu fang <liufang@sinoma-ncdri.cn>
Subject: RE: New Order Booking
Attachment: FZC-11573.gz (contains "FZC-11573.exe")

Loki C2:
http://apoxnew.com/prexi/pin.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-08 05:55:05 UTC
AV detection: 35 of 48 (72.92%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip f0a0be0758348985361b10033d297d2d2b3244b3989bf292545014e08a35dd86 (this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
