MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence 2 File information 3 Yara 4 Comments

SHA256 hash: f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9
SHA3-384 hash: 9895548718cedec0d7ecd02ce4591ce66facf6c98f3646499fc4f3570e95defe1642a5e1994f854178f699b6e8df708d
SHA1 hash: cdd82088b560caa55e17dd4714a5ffc394ec0db9
MD5 hash: 45f737c6d7e5c4f0875fde62b51f1662
humanhash: friend-oklahoma-pluto-potato
File name:Consignment Details.exe
Download: download sample
Signature Loki
File size:278'528 bytes
First seen:2020-06-30 05:24:57 UTC
Last seen:2020-06-30 05:48:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep 3072:FeadFAZRNCPyGwgcSlsJPCdATPTVWZV5wx3nu9B6jFCAxdJRZHcs:wKFcRAPyJaB+PTa7wx36AjMmdbZ8
TLSH F3446B2A7692943DD37B89B2352669A19678FE333A02C70EB2C7531C1C102DAEF35757
Reporter @cocaman
Tags:exe Loki


Mail intelligence
Trap location Impact
CH Switzerland Low
Global Low
# of uploads 2
# of downloads 33
Origin country FR FR
CAPE Sandbox Detection:Loki
CERT.PL MWDB Detection:lokibot
ReversingLabs :Status:Malicious
Threat name:ByteCode-MSIL.Trojan.Injector
First seen:2020-06-30 01:42:32 UTC
AV detection:24 of 31 (77.42%)
Threat level:   5/5
Spamhaus Hash Blocklist :Malicious file
Hatching Triage Score:   5/10
Malware Family:n/a
VirusTotal:Virustotal results 47.95%

Yara Signatures

Rule name:Lokibot
Author:JPCERT/CC Incident Response Group
Description:detect Lokibot in memory
Reference:internal research
Rule name:win_lokipws_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_lokipws_g0
Author:Slavo Greminger, SWITCH-CERT
Rule name:with_sqlite
Author:Julian J. Gonzalez <>
Description:Rule to detect the presence of SQLite data in raw image

File information

The table below shows additional information about this malware sample such as delivery method and external references.



Executable exe f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9

(this sample)