MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bb8852c2f8f20cb1b80a61bbda5ebd241559e4c9992b8c2948ca5800151643b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	1bb8852c2f8f20cb1b80a61bbda5ebd241559e4c9992b8c2948ca5800151643b
SHA3-384 hash:	66a9faa84ef5a67d91eeca1561a2e0fc632d4dc39d2beb10fe07dcdca012be6cc6e1d16305e6675bd9cf3b6cc714e839
SHA1 hash:	c36f8bd62d829e0a4c6942abce4dbcd3f25bf01a
MD5 hash:	477e76ad89ccfe746882ca4abc402d39
humanhash:	failed-april-quiet-delta
File name:	COVID-19_UPDATE_PDF.7z
Download:	download sample
Signature	Loki Create hunting rule
File size:	332'640 bytes
First seen:	2020-04-01 11:46:14 UTC
Last seen:	2020-04-01 12:17:57 UTC
File type:	7z
MIME type:	application/x-7z-compressed
ssdeep	6144:XVwYjFvwjncDZ2nw1Oor55CA2zpbDg5NxAOvSdMYsxUgLv2N9Q7eCWlteQgpug9:CYjFv8cDZjEo+A2zlgXx/v2WUkmbCWl4
TLSH	55642349171DEE688842EAABB8F9D3B67D3F8E6FF71D0673101C828405EE97194F6124
Reporter	abuse_ch
Tags:	7z COVID-19 Loki

abuse_ch

COVID-19 malspam distributing Loki:

HELO: slot0.farolexshippings.com
Sending IP: 185.70.107.206
From: Andrée Pinard Clark <who60@who.int>
Subject: COVID-19 UPDATE !!!
Attachment: COVID-19_UPDATE_PDF.7z (contains "COVID-19_UPDATE_PDF.exe")