MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 02f2999240877abff06ad4728307dd9069b5ecf8a862b8fc786343f83553a3db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 02f2999240877abff06ad4728307dd9069b5ecf8a862b8fc786343f83553a3db
SHA3-384 hash: c089cf0b970bf6bec214f7d41db5a95512cf94388d593e218a2a106f3aa1bfe269da8fcc09dd0fbd1a1120d2cf900901
SHA1 hash: 09d5686c5bdfd6b578a7b9949f8cf463204da366
MD5 hash: dfa7fce0d1e06b37f30f1e30c83bb895
humanhash: wolfram-william-fish-sad
File name:AWB NOA00060819__DHL_Express_delivery service22032020__Pdf.exe
Download: download sample
Signature Loki
Create hunting rule
File size:102'400 bytes
First seen:2020-04-02 18:42:17 UTC
Last seen:2020-04-06 05:47:33 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 60d20cf9a30bb2af1ddf7931d07b7af6 (1 x Loki)
ssdeep 768:wK+GkEoAofvHikWCP2EPfBkYjSYOfOxQqGPuz6Qnw2ELBFJWqw8maiHDoQZhOn:wCkEoAoXFaBOZIuuQnw2ELjJrmaitc
Threatray 1'433 similar samples on MalwareBazaar
TLSH E8A3D512F910FC94D0284EB58BB287DC13567E39AE89A90734C83EDE7BF12547582B97
Reporter jarumlus
Tags:Loki Lokibot

Intelligence

File Origin
# of uploads :
5
# of downloads :
1'013
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Remcos-7647550-0
Create hunting rule

Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Win.Dropper.Remcos-7683428-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-02 19:35:38 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=alzjtesaq55l74dk2rzigb65sbu3l3hyvbrlr7dymnb7qnktupnq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
006bb451c7207fa375e67a1684a97136a46beea1ff74e193eb4bbf6665a0ec9b
Loki
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
Loki
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
Loki
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
Loki
9d545cae8b73e11800aaf794b2919bb8972511e4e217eaf1a51c3f38c17bb412
Loki
a570592bf5a21c1f55712fcec60a0536fedabe28b409d9a48fdc499185e154ff
Loki
d7162b14867eff2ee6b1c0506f91c4e8c1a1cea0ddae632bd49156a179549772
Loki
db740f36a91f4fa311184714bdb059022ba29a054975db509a5bb782eb542533
Loki
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
Loki
fd70366a0abed417301e2a312927e5697e8ded01a50c830b408978fb61ff9241
Loki
+ 1'423 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Loki

Executable exe 02f2999240877abff06ad4728307dd9069b5ecf8a862b8fc786343f83553a3db

(this sample)

Loki

Executable exe 762d7ecc8a6e58943933c74048515fcf2d5948d714d19f502217c41395a0dfef

  
Dropping
SHA256 762d7ecc8a6e58943933c74048515fcf2d5948d714d19f502217c41395a0dfef
  
Dropping
MD5 e6b3c240a9b28d1d09dac661f3a7189e

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaErrorOverflow

Comments