MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c
SHA3-384 hash: b207fdfdcd03e15cf93629b2b9641be3358dbf196b5b229167aacac27bfcaf36cd2ceacc108eb3d1610e4cfd36bcd2af
SHA1 hash: 9a46dfeb88cadf9734bf736289123d990d284a40
MD5 hash: e602d86250e0bddada3bde70bc252c02
humanhash: juliet-tango-december-delta
File name:letter_to_customers_covid-19_pdf.exe
Download: download sample
Signature Loki
Create hunting rule
File size:77'824 bytes
First seen:2020-03-19 07:53:14 UTC
Last seen:2020-03-19 10:03:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d3e3d22e081fd68f9dd8b9e590203235 (1 x Loki)
ssdeep 1536:DedgSyoByigK2tV18WxdGiLjSxfAh/nG2gim:Q2oBDgbbcLxuO2gim
Threatray 1'278 similar samples on MalwareBazaar
TLSH 15738E03FA50E465C4588B3E6CABD6E1111F7C686890CB5B36D87B4FE5F1062CF1EA29
Reporter jarumlus
Tags:Loki Lokibot

Intelligence

File Origin
# of uploads :
2
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7639703-0
Create hunting rule

Win.Trojan.Vebzenpak-7640209-0
Create hunting rule

Win.Trojan.Vebzenpak-7699953-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-03-19 06:49:53 UTC
AV detection:
28 of 31 (90.32%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=6g5ftbr2xr6qh5tvo6vew5nlcilarr3egomb6okgkhzlgj4rj2oa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
09476389f92f23216cbb99cf3dce7e07deee2fdc29d63b066aef91e9b1a78197
Loki
0fc76f1453db81e8fa50b7e685827e0f5126c25c91de2a25552af3273bb407e9
Loki
15c365dfb62dc041e46ede5ae90f2e0966d1000b5936f0ed5d68f5d10e813171
Loki
50a4a0067a0756996b12da1316f2574a16316d050b675114c8ae60c35e99cf5b
Loki
5cd5f57afb04ba3ce4e5aaee5a7fa7d10b24a334e30911a49a4cc4cb52982848
Loki
70d577aba943b783ec606abcfa912bf97c9fd4f22d5e46ff1d718d350a8e4fcc
Loki
9bebd6b8400a02ec36958c8cf06d3abc659b462d482fca3df8a3a64e42b3e234
Loki
a6cc856405546af76f769ae3148e782571675af436ae9701c17d081266d6c835
Loki
b289e7a3e27dfee54ea6a2610a3cc690b96d7dafec31756401349935e3d83202
Loki
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
Loki
+ 1'268 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f1ba59863abc7d03f67577aa4b75ab121608c76433981f394651f2b327914e9c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments