MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b1195470876e1d2c1cd94421056d84c90014023dbb76dd155ad87e2f1935b2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	2b1195470876e1d2c1cd94421056d84c90014023dbb76dd155ad87e2f1935b2c
SHA3-384 hash:	39f6b689d0e751484aa7ca5da9cd54a7b9a0b7623d20c406e624c1037b850fb6be8004a56c51ae6961032f2a803c0018
SHA1 hash:	ad3bad55e37f91898fa01eca234d48bbda82e3a8
MD5 hash:	fa7a00019d71317597b7685bc3b8d478
humanhash:	orange-arizona-carpet-mexico
File name:	PayeeAdvice_HK02022_R0977491_02178_PDF.gz
Download:	download sample
Signature	Loki Create hunting rule
File size:	225'282 bytes
First seen:	2020-12-02 09:12:00 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	6144:2b3buveGA6dHHGa9mV13M1FP6Kpt+H7lUpbkdY3a63Hnl:jveGAwHG+93pobl6bkdwawHl
TLSH	F8241393A66387B5B659B722991E06324CDD50930E149543AACE9F13DD7837D2CE0CCB
Reporter	abuse_ch
Tags:	gz Loki SCB

abuse_ch

Malspam distributing Loki:

HELO: xzp0.315.wxgu.ml
Sending IP: 207.154.241.233
From: "Standard Chartered Bank" <AdvicesHK@sc.com>
Subject: ADVICE FROM STANDARD CHARTERED BANK - PT04145052
Attachment: PayeeAdvice_HK02022_R0977491_02178_PDF.gz (contains "PayeeAdvice_HK02022_R0977491_02178_PDF.exe")

Loki C2:
http://49.12.47.176/UddYkIngOfMonEYnDItuRKEY/fre.php