MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47c215677a13caee9b79a643e0df5d08534ffad00d4db4e38c9f6b7211dde089. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	47c215677a13caee9b79a643e0df5d08534ffad00d4db4e38c9f6b7211dde089
SHA3-384 hash:	85d57ab46dbe2fe6d00bf33d0338ec7f27879a0557b26900fa6567ed28b66cfd93e554e72ca2b440ec573d80b4139226
SHA1 hash:	ba876e93050415b0ba33ccc96d1bccba88a3cde5
MD5 hash:	e5505c50eeb0711eda580cf4636924ff
humanhash:	robert-july-carolina-pip
File name:	MN MEDICALS COVID-19 SUPPLY0134_pdf.gz
Download:	download sample
Signature	Loki Create hunting rule
File size:	381'084 bytes
First seen:	2020-04-16 11:07:20 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:pkXU1dgB7AQL9gjyf1XakOuG7fPfqBBm05ADpj6DbyuShfs4zdH9KrTNyBSIZ7:pkXU1KnEyfB3G7fqnm0mDpjAbyBhEQKE
TLSH	128423FB86FF2293C1888479B7C493AF7CC1DB688B47896633A358549A560B14405DFF
Reporter	abuse_ch
Tags:	COVID-19 gz Loki

abuse_ch

COVID-19 themed malspam distributing Loki:

HELO: mail.spentaonline.com
Sending IP: 103.24.203.104
From: MN Medical OÜ <info@mn-medical.ee>
Subject: PRIORITY ORDER/ESTONIA MN MEDICALS /COVID-19 SUPPLY
Attachment: MN MEDICALS COVID-19 SUPPLY0134_pdf.gz (contains "KS-Scan0134_pdf.exe")

Loki C2:
http://oneflextiank.com/click/five/fre.php