MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13e3d04d6d7eadbe4511db7040a46ba740069df3416b3a0b1e8ffede8f3cb8a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	13e3d04d6d7eadbe4511db7040a46ba740069df3416b3a0b1e8ffede8f3cb8a0
SHA3-384 hash:	f1565ae68ded104408ef63a23b5031ab16adbced0adb2e4cfa33dde88ce112d9e652c3c4b867bce964841b777748406a
SHA1 hash:	2975bb732ac3e7c99d4bd8820fdc73c224632a38
MD5 hash:	3ffa2ebd1be2d207ad59d7d4fc3f79d5
humanhash:	july-sweet-diet-bravo
File name:	RFQ 5564658.gz
Download:	download sample
Signature	Loki Create hunting rule
File size:	356'139 bytes
First seen:	2020-08-05 07:38:59 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	6144:nACxlkqjIMdiOVNqZKOtthHkLLhZh8JmHRXuQaDmmnM4ckmI22xqeRNEdZ6/+A:nxx/jrcOjSKytt2hZh7uQKHmI22vEdrA
TLSH	A174238A7CD4C54123D6BCCCF7586B5156BCA61BBF75B226433C9A122D737222E20B29
Reporter	abuse_ch
Tags:	gz Loki

abuse_ch

Malspam distributing Loki:

HELO: airroxnigen.com
Sending IP: 185.222.57.136
From: purchase@airroxnigen.com
Subject: RE: INQUIRY
Attachment: RFQ 5564658.gz (contains "RFQ 5564658.exe")

Loki C2:
http://scarfponcho.com/sitepackage/five/fre.php