MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
SHA3-384 hash: 4704cc7fd23198ed385f982029af19736375e4ccf62632253344414b38780847d17ba6851dff4fd662e1d29ac89fc160
SHA1 hash: baa06d73bb55663f38a6f458f5cbdbc201664a98
MD5 hash: 1e29bd0454691e43da99e4a45096ba57
humanhash: magazine-black-uniform-kitten
File name:Customer Advisory - Covid19 Indonesia 19032020.PDF.exe
Download: download sample
Signature Loki
Create hunting rule
File size:147'456 bytes
First seen:2020-03-23 05:15:43 UTC
Last seen:2020-03-23 06:53:35 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 409111c7c97bc74f995bc3997f050644 (1 x Loki)
ssdeep 1536:8e1KM2ZxkEpdNHcy7zoJO368QDb4H4444CM:H2ZmcrN7y98G4H4444CM
Threatray 2'694 similar samples on MalwareBazaar
TLSH 67E3D486F200F491C4A8CE3E3859DA90D16ABC50B6A1EFA73DD4B71F58F31E18F4561A
Reporter jarumlus
Tags:Loki

Intelligence

File Origin
# of uploads :
3
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7639438-0
Create hunting rule

Win.Malware.Generic-7639551-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-03-23 02:00:35 UTC
AV detection:
26 of 30 (86.67%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ltk7k6x3as5dzzhfvlxfu75h2efsjizu4merdje2jtcmwuuyfbea._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
netwirerc
Create hunting rule
guloader
Create hunting rule
Similar samples:
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
Loki
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
Loki
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
Loki
66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312
Loki
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
Loki
bed06510d878aedc81671ebf83fb2dd246f88de58514124d166e0831b4d9c4d0
Loki
cc5bec641350dbb0a00bd08c0c6d7b8e1b7f4d486a1319a0c09a9f7e9c7f4a0c
Loki
cebf765590be725ca5f5589e51a0e81236f6e63dae47f1cdff6029429827c0be
Loki
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
Loki
f6acfb0076b3a4e817b12f1f4e91eb89dbeeee1bca29d591949b73dfb604ef68
Loki
+ 2'684 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Loki

Executable exe 5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848

(this sample)

Loki

Executable exe 03e72ece4ff9a329f73d64b6e2fa52caa8adeb7f7f24919b5d7f52bc8dfa8fdb

  
Dropping
SHA256 03e72ece4ff9a329f73d64b6e2fa52caa8adeb7f7f24919b5d7f52bc8dfa8fdb
  
Dropping
SHA256 03e72ece4ff9a329f73d64b6e2fa52caa8adeb7f7f24919b5d7f52bc8dfa8fdb
  
Dropping
SHA256 03e72ece4ff9a329f73d64b6e2fa52caa8adeb7f7f24919b5d7f52bc8dfa8fdb
  
Dropping
MD5 f1b0aae3151e780143be0a7a06911f1c

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments