MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0
SHA3-384 hash: 9ebe929e728ebd901f6000cadea993526bd0ea5b39859d80457e0ec0c9857c5999c58bfa4be1d4b3214c41e7f7b25cd8
SHA1 hash: b2667b18c592cbf8999649641a8fe53438d01d5d
MD5 hash: 0d1ee31cd0fa40a561b29ea7cd9b431b
humanhash: fanta-timing-fillet-friend
File name:NEW ORDER_pdf.zip
Download: download sample
Signature Loki
Create hunting rule
File size:415'307 bytes
First seen:2020-10-19 06:31:04 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12288:gf7WDb1LbSCOQrksd1TpVW/M2HinGcgHonoTt1ov:MavSyna9i1g1ov
TLSH E39423AEF068CD2CD6997D103FA30625C1E28793A6655531B30C477FDBB95888B1AC2F
Reporter abuse_ch
Tags:Loki zip


Avatar
abuse_ch
Malspam distributing Loki:

HELO: pakcaro.pakistancargo.com
Sending IP: 69.61.26.67
From: COSCO Shipping Co., Ltd. <shizhengping@cosco.com.cn>
Reply-To: shizhengping@cosco.com.cn
Subject: ***TOP URGENT***NEW ORDER
Attachment: NEW ORDER_pdf.zip (contains "NEW ORDRE.exe")

Loki C2:
http://magicview.ga/zang/gate.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0/
Threat name:
ByteCode-MSIL.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-10-19 00:31:42 UTC
AV detection:
9 of 48 (18.75%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ew5snfc2wonb2cvkthh3adisxg75ajzej2is7wbfyf2y6fgqfkqa._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0

(this sample)

Loki

Executable exe 7f0424ffbe5b0d339a9164c0417ede65b33ec131a6b7f178102a6384640ee1eb

  
Dropping
MD5 786a0095886ea37ca55e08f8ad01db55
  
Dropping
Loki
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 7f0424ffbe5b0d339a9164c0417ede65b33ec131a6b7f178102a6384640ee1eb

Comments