MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1245deb09158c69cf87370cca6bc0ab6251348b421f8561531cf382e224afd32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	1245deb09158c69cf87370cca6bc0ab6251348b421f8561531cf382e224afd32
SHA3-384 hash:	303cbd981195b06bbaae5d7ad0fcdccc24f47c7f0441338fe5d4d5b806d556a73f03f78ed36306630291cb491a1417a2
SHA1 hash:	c061134454e43662e96524fa6386ae07950ddaaf
MD5 hash:	e65d2b508ae996b90042e26362a2b182
humanhash:	oxygen-monkey-friend-freddie
File name:	LIST OF REAP MEMBERS NOMINATED FOR ELECTION.pdf.z
Download:	download sample
Signature	Loki Create hunting rule
File size:	137'201 bytes
First seen:	2020-12-08 07:54:01 UTC
Last seen:	Never
File type:	z
MIME type:	application/x-rar
ssdeep	3072:NsAjjkB2OuuPnAcIAaRyQxcP/Lm7rfGpjyRFtglZMiMj8Fi2J1VZ:Nxk2LMRIBysg/LPpjDnpM/iD
TLSH	02D312502C7567CFF9FEC3E51C31A17295AA1A006741800EF6B077CA826D9F8CAE6E57
Reporter	abuse_ch
Tags:	Loki z

abuse_ch

Malspam distributing Loki:

HELO: vhosts54.montevideo.net.uy
Sending IP: 200.40.79.224
From: REAP - Rice Exporters Association of pakistan <infor@reap.com.pk>
Subject: NOTIFICATION OF LIST OF REAP MEMBERS NOMINATED FOR ELECTION.
Attachment: LIST OF REAP MEMBERS NOMINATED FOR ELECTION.pdf.z (contains "LIST OF REAP MEMBERS NOMINATED FOR ELECTION.pdf.exe")

Loki C2:
http://51.195.53.27/~dasdas/ff.php