MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Loki
Vendor detections: 4
| SHA256 hash: | 25bb26945ab39a1d0aaa99cfb00d12b9bfd027244e912fd825c1758f14d02aa0 |
|---|---|
| SHA3-384 hash: | 9ebe929e728ebd901f6000cadea993526bd0ea5b39859d80457e0ec0c9857c5999c58bfa4be1d4b3214c41e7f7b25cd8 |
| SHA1 hash: | b2667b18c592cbf8999649641a8fe53438d01d5d |
| MD5 hash: | 0d1ee31cd0fa40a561b29ea7cd9b431b |
| humanhash: | fanta-timing-fillet-friend |
| File name: | NEW ORDER_pdf.zip |
| Signature | Loki |
| File size: | 415'307 bytes |
| First seen: | 2020-10-19 06:31:04 UTC |
| Last seen: | Never |
| File type: | zip |
| MIME type: | application/zip |
| ssdeep | 12288:gf7WDb1LbSCOQrksd1TpVW/M2HinGcgHonoTt1ov:MavSyna9i1g1ov |
| TLSH | E39423AEF068CD2CD6997D103FA30625C1E28793A6655531B30C477FDBB95888B1AC2F |
| Reporter | |
| Tags: | Loki zip |
abuse_ch
Malspam distributing Loki:
HELO: pakcaro.pakistancargo.com
Sending IP: 69.61.26.67
From: COSCO Shipping Co., Ltd. <shizhengping@cosco.com.cn>
Reply-To: shizhengping@cosco.com.cn
Subject: ***TOP URGENT***NEW ORDER
Attachment: NEW ORDER_pdf.zip (contains "NEW ORDRE.exe")
Loki C2:
http://magicview.ga/zang/gate.php
Intelligence
File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Wacatac
Status: Malicious
First seen: 2020-10-19 00:31:42 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 5/5
Detection(s): Malicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Kryptik
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Malspam
Dropping: Loki
Delivery method: Distributed via e-mail attachment