MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f13ba654fe59123e702c34c414a97687d748853aef0e75e48ce878e1c270a173. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 3



SHA256 hash: f13ba654fe59123e702c34c414a97687d748853aef0e75e48ce878e1c270a173
SHA3-384 hash: 162defebe1c06049ccc5ce62d83f9d45151aa5ae28fa741293ded7355133a2ec9249a841773fe84269447025ca88734c
SHA1 hash: ed0e01111380f8bc3c72973f2461329b160f80e8
MD5 hash: 73ac61660a02b005d9c315be8058e244
humanhash: princess-timing-friend-nitrogen
File name: CG_INV_202066.iso
Signature: Loki
File size: 907'264 bytes
First seen: 2020-07-09 07:55:27 UTC
Last seen: Never
File type: iso
MIME type: application/x-iso9660-image
ssdeep: 24576:BkAVCi74LofeHXecQmiDXeO4D/QivpEQR:Biiuo2Oq4XeOO/Qep5
TLSH: 90158C22B3904433D0631A3D8D1B6778992ABE512EE8BA4B7FF95C4C5F3A6403935397
Reporter: abuse_ch
Tags: Endurance iso Loki


abuse_ch
Malspam distributing Loki:

HELO: 142-4-22-49.unifiedlayer.com
Sending IP: 142.4.22.49
From: Accounts Dept <accounts@confidencegroup.co>
Subject: Payment Schedule
Attachment: CG_INV_202066.iso (contains "CG_INV_202066.exe")

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Infostealer.Fareit
Status: Malicious
First seen: 2020-07-09 07:57:05 UTC
AV detection: 17 of 29 (58.62%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

iso f13ba654fe59123e702c34c414a97687d748853aef0e75e48ce878e1c270a173

(this sample)

  
Dropping: Loki
Delivery method: Distributed via e-mail attachment
