MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
SHA3-384 hash:	70ac3ece90b3e869937e7e4ba54e07b133b2e18c768aaaa6f0799c76a5135c23b72871fe854c29cb2f11715d8ede4b10
SHA1 hash:	b75e2e2c818eb82ae643296287442ebb2c6e4298
MD5 hash:	07578f047c179095dd7c564c3872cdd6
humanhash:	double-uranus-mike-burger
File name:	COVID-19 TRANSFER RECEIPT FORM_pdf.arj
Download:	download sample
Signature	Loki Create hunting rule
File size:	630'900 bytes
First seen:	2020-05-12 11:53:24 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	12288:oF3Jz3sQhry4DHb8Ygr/rvWhOGKBoFKHEcHo0AlXZp:otJz3sQh5DHoVnvjBosE+zAlJp
TLSH	7AD423737A9DE1684A54180FD0DE96C5462AE8BF13420FBFEA04B8209663F1D56FB11E
Reporter	abuse_ch
Tags:	arj Loki

abuse_ch

Malspam distributing Loki:

HELO: cpshared4.tedata.net
Sending IP: 213.158.187.39
From: accounts@goan-chartering.com
Subject: TRANSFER RECEIPT
Attachment: COVID-19 TRANSFER RECEIPT FORM_pdf.arj (contains "COVID-19 TRANSFER RECEIPT FORM_pdf.exe")