MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba167984676eeac1307b81f5410739ec309aad4ec2988d9e4266d1c6a449de9e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ba167984676eeac1307b81f5410739ec309aad4ec2988d9e4266d1c6a449de9e
SHA3-384 hash:	b1b9262f5aa4e6f2a33a5b76ebd32b2a1f4d6b1c9560f256f6849b3b5e454202d57cafbcd8412bb1abbf8e80580aa705
SHA1 hash:	d0f2c64e01ea3a1aaf395ac5866a953ec11aed1b
MD5 hash:	d67f3775f1d531b12ed148311eef6e26
humanhash:	kitten-paris-ack-north
File name:	CHECKERS RFQ 0019901828289.PDF.gz
Download:	download sample
Signature	Loki Create hunting rule
File size:	148'185 bytes
First seen:	2020-07-16 08:20:39 UTC
Last seen:	Never
File type:	gz
MIME type:	application/gzip
ssdeep	3072:qmpQo0zSEKx8jpXAW5ogFDFjiueq/fe36y7pVKyzI/iPlSdXS++:qAQ6x8tXZnrWueAe3g/4x
TLSH	63E32201F88A10879DEF97AE67D93421B590F4B59D17CE758E43CBD2C2A4B40AF38396
Reporter	abuse_ch
Tags:	gz Loki

abuse_ch

Malspam distributing Loki:

HELO: slot0.griferaisnova.com
Sending IP: 107.174.244.100
From: order@checkers.co.za
Subject: RFQ 0019901828289
Attachment: CHECKERS RFQ 0019901828289.PDF.gz (contains "CHECKERS RFQ 0019901828289.PDF.exe")

Loki C2:
http://winqits.com/~zadmin/lk/me/gate.php