MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f6a1d59b0ba920e500b72f00d50729e6215c4148e5cdb3302dc16817733889f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

SHA256 hash: f6a1d59b0ba920e500b72f00d50729e6215c4148e5cdb3302dc16817733889f9
SHA3-384 hash: 07c48d021423e2e7e9215486571784c129b8c620f3623db234146f82ba5e03a1c2f62fcd35edb752306e71e833cce6d6
SHA1 hash: 8b0b907bfa2cc65fa8bd0366ed1e162953c997ba
MD5 hash: 9b842c83011a67b40e21539d8aadd384
humanhash: low-maryland-three-oscar
File name: Shipment Document BL,INV and Packing.tbz2
Signature: Loki
File size: 192'105 bytes
First seen: 2020-06-24 06:51:43 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep: 3072:vWbIv+RNbzWhoh1LlHUwFNi7Svr+/4i6XPv8s1v+rd3YE41iKY1eht+qa9UOQGQm:vE0+R5ihohllH1Xit/r6Xnv6t41iKz+R
TLSH: 051423B41D0B3D87C598E3BEC6B7FF3A1BBC2046971806AF8D673D90739A406660455A
Reporter: abuse_ch
Tags: DHL Loki tbz2


abuse_ch
Malspam distributing Loki:

HELO: host14.axxesslocal.co.za
Sending IP: 154.0.160.114
From: DHL Express (ParcelHero®) <noreply@dhl.com>
Subject: DHL international GmbH,Shipment Document BL,INV and Packing
Attachment: Shipment Document BL,INV and Packing.tbz2 (contains "Shipment Document BL,INV and Packing.exe")

Loki C2:
http://koreanbeautyexpert.com/finn/fre.php

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a

Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Infostealer.Fareit
Status: Malicious
First seen: 2020-06-24 06:53:05 UTC
AV detection: 30 of 48 (62.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
  Loki
    rar f6a1d59b0ba920e500b72f00d50729e6215c4148e5cdb3302dc16817733889f9 (this sample)
      Dropping
        Loki

Delivery method: Distributed via e-mail attachment
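The indicators on this entry (the file hashes, an attachment named .tbz2 that MalwareBazaar typed as rar, and the HELO, sending IP and Loki C2 URL from abuse_ch's report) are what a responder would pivot on. The Python script below is an added example, not MalwareBazaar's or abuse_ch's code: it hashes an attachment against the page's IOCs, flags a file whose extension and magic bytes disagree (as the .tbz2/rar pairing on this entry does), checks an SMTP envelope against the reported malspam source, and matches proxy log lines against the C2 URL. The attachment bytes, envelope values and log lines it runs on are constructed stand-ins, as is the space-separated proxy log format; only the IOC constants come from the page.

```python
"""Triage helper built around the indicators on this MalwareBazaar entry.
Added example, not MalwareBazaar's or abuse_ch's code. Everything it runs on
(attachment bytes, envelope, proxy log lines) is a constructed stand-in."""
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the page.
IOC_SHA256 = "f6a1d59b0ba920e500b72f00d50729e6215c4148e5cdb3302dc16817733889f9"
IOC_SHA1 = "8b0b907bfa2cc65fa8bd0366ed1e162953c997ba"
IOC_MD5 = "9b842c83011a67b40e21539d8aadd384"
IOC_C2 = "http://koreanbeautyexpert.com/finn/fre.php"
IOC_SENDER_IP = "154.0.160.114"
IOC_HELO = "host14.axxesslocal.co.za"

# Container signatures. The entry lists a .tbz2 attachment whose detected
# type is rar, so the extension is not trusted; the leading bytes are.
MAGIC = {
    "rar": (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00"),
    "bz2": (b"BZh",),
    "zip": (b"PK\x03\x04",),
}
EXT_TO_TYPE = {".tbz2": "bz2", ".bz2": "bz2", ".rar": "rar", ".zip": "zip"}


def sniff_type(data: bytes):
    """Return the container type implied by the leading bytes, or None."""
    for name, sigs in MAGIC.items():
        if data.startswith(sigs):  # bytes.startswith accepts a tuple
            return name
    return None


def claimed_type(filename: str):
    """Return the container type implied by the file extension, or None."""
    lower = filename.lower()
    for ext, name in EXT_TO_TYPE.items():
        if lower.endswith(ext):
            return name
    return None


def triage_attachment(filename: str, data: bytes) -> dict:
    """Hash the attachment against the page's IOCs and flag extension/magic mismatch."""
    digests = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }
    findings = []
    if (digests["sha256"] == IOC_SHA256 or digests["sha1"] == IOC_SHA1
            or digests["md5"] == IOC_MD5):
        findings.append("hash matches MalwareBazaar IOC (Loki)")
    sniffed, claimed = sniff_type(data), claimed_type(filename)
    if sniffed and claimed and sniffed != claimed:
        findings.append(f"extension claims {claimed} but magic bytes say {sniffed}")
    return {"digests": digests, "sniffed": sniffed, "claimed": claimed, "findings": findings}


def triage_envelope(helo: str, sender_ip: str, from_header: str) -> list:
    """Compare SMTP envelope details with the reported malspam source.
    The IP and HELO matches are the strong signals; the From/HELO domain
    comparison is a weak heuristic that legitimate forwarders also trip."""
    findings = []
    if sender_ip == IOC_SENDER_IP:
        findings.append("sending IP matches reported Loki malspam source")
    if helo.lower() == IOC_HELO:
        findings.append("HELO matches reported Loki malspam host")
    m = re.search(r"<([^>]+)>", from_header)
    addr = m.group(1) if m else from_header.strip()
    domain = addr.rsplit("@", 1)[-1].lower()
    h = helo.lower()
    if not (h == domain or h.endswith("." + domain)):
        findings.append(f"From domain {domain} unrelated to HELO host {helo}")
    return findings


def c2_hits(log_lines) -> list:
    """Return proxy log lines whose URL matches the Loki C2 host and path.
    Assumes a constructed 'timestamp client method url status' line format."""
    c2 = urlsplit(IOC_C2)
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        u = urlsplit(parts[3])
        if u.hostname and u.hostname.lower() == c2.hostname and u.path == c2.path:
            hits.append(line)
    return hits


# Constructed stand-ins (not the real sample, mail or log data).
SAMPLE_NAME = "Shipment Document BL,INV and Packing.tbz2"
SAMPLE_BYTES = b"Rar!\x1a\x07\x00" + b"\x00" * 64  # RAR magic behind a .tbz2 name
SAMPLE_PROXY_LOG = [
    "2020-06-24T07:02:11Z 10.0.0.15 POST http://koreanbeautyexpert.com/finn/fre.php 200",
    "2020-06-24T07:02:12Z 10.0.0.15 GET http://www.dhl.com/en/express.html 200",
    "2020-06-24T07:02:13Z 10.0.0.22 GET http://KoreanBeautyExpert.com/finn/other.php 404",
]

if __name__ == "__main__":
    print(triage_attachment(SAMPLE_NAME, SAMPLE_BYTES))
    print(triage_envelope(IOC_HELO, IOC_SENDER_IP, "DHL Express (ParcelHero®) <noreply@dhl.com>"))
    print(c2_hits(SAMPLE_PROXY_LOG))
```

Run against the constructed attachment, the script reports the extension/magic mismatch but no hash match, since the stand-in bytes are not the real sample; pointed at a real quarantine copy, the hash check against the three digests above is the definitive match. The C2 matcher compares host and path only, so a query string or a capitalised hostname in the log does not hide a hit.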
