MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef9cf4f473ad1c6a1e894d9ad217b3bcc25f334ed5f90890cbf09d7462395c13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	ef9cf4f473ad1c6a1e894d9ad217b3bcc25f334ed5f90890cbf09d7462395c13
SHA3-384 hash:	4523ea757ba430c4ea5be1b8c73f2d4ebc5f46ad9bcab4b7426aef534c0105f66d085302848ed3ef88b1c8210dd4157d
SHA1 hash:	18c8775c4577eadd5ec27562882c717cb8bea514
MD5 hash:	d772c1ab278da195955bffc6b04b7b4c
humanhash:	tennessee-mike-glucose-single
File name:	image0002.txt.gz
Download:	download sample
Signature	Loki Create hunting rule
File size:	393'010 bytes
First seen:	2020-10-25 17:21:27 UTC
Last seen:	Never
File type:	gz
MIME type:	application/x-rar
ssdeep	6144:dUDH4gjLe2P/PlQKE89ubWPCwWWQHFSkm9wmlzUlddRo8XlQguGdVzpFu70s49:dyL/dQF8cbf/0L9wmpUXdflQZMpsQ3
TLSH	688423900F156E9E9CDC0F453DF67A927389E8AB5118F391F2DA95B3870F1D18340AB6
Reporter	abuse_ch
Tags:	gz Loki

abuse_ch

Malspam distributing Loki:

HELO: arehmantraders.com
Sending IP: 83.149.106.6
From: Ahmed Mubeen <a-rehman@arehmantraders.com>
Subject: Order Inquiry - Urgent
Attachment: image0002.txt.gz (contains "image0002.exe")

Loki C2:
http://qataracfridgerepaire.com/wp-admin/five/fre.php