MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f316612ee88c8e1d5fd8eaf167017fd4198ab27d5fe98ece27b04cbe8cb05d74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	f316612ee88c8e1d5fd8eaf167017fd4198ab27d5fe98ece27b04cbe8cb05d74
SHA3-384 hash:	4af9c5f16d26697d30f9393dd7e5b4d4941bc3f2f97cbd7c3bf315c2baab23c99d0dcddb7f7264f7a2c929fd725b7aa1
SHA1 hash:	7eb6bd384e8402a9fdfed703ecbfdede8dc4a30e
MD5 hash:	55231b1a525369befcea3c842d4c57e8
humanhash:	high-fruit-oxygen-kentucky
File name:	NEW INQUIRY PURCHASE ORDER.zip
Download:	download sample
Signature	Loki Create hunting rule
File size:	358'470 bytes
First seen:	2020-07-08 06:56:49 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	6144:ffCq+ahDQrCgpH37q4ne/p4Wnnwrd4ffjXiIhe2gObcdQ9lo7wvheeQDe9jsFxV/:fFpQrCgR7q4nMyWwiGseHCcXwvhvkijm
TLSH	3474232EE13D4B0C94C9D22C2C75BC56A32D9937FCAE9A4D5300B77A2074C998DAD07E
Reporter	abuse_ch
Tags:	Loki zip

abuse_ch

Malspam distributing Loki:

HELO: gmail.com
Sending IP: 156.96.62.70
From: nvistech <markmarqiuard@gmail.com>
Reply-To: mikehosek25@gmail.com
Subject: NEW INQUIRY PURCHASE ORDER
Attachment: NEW INQUIRY PURCHASE ORDER.zip (contains "NEW INQUIRY PURCHASE ORDER.exe")