MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9
SHA3-384 hash: 9895548718cedec0d7ecd02ce4591ce66facf6c98f3646499fc4f3570e95defe1642a5e1994f854178f699b6e8df708d
SHA1 hash: cdd82088b560caa55e17dd4714a5ffc394ec0db9
MD5 hash: 45f737c6d7e5c4f0875fde62b51f1662
humanhash: friend-oklahoma-pluto-potato
File name: Consignment Details.exe
Signature: Loki
File size: 278'528 bytes
First seen: 2020-06-30 05:24:57 UTC
Last seen: 2020-06-30 05:48:10 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
ssdeep: 3072:FeadFAZRNCPyGwgcSlsJPCdATPTVWZV5wx3nu9B6jFCAxdJRZHcs:wKFcRAPyJaB+PTa7wx36AjMmdbZ8
TLSH: F3446B2A7692943DD37B89B2352669A19678FE333A02C70EB2C7531C1C102DAEF35757
Reporter: @cocaman
Tags: exe Loki

Intelligence


Mail intelligence
  Trap location: CH Switzerland, Impact: Low
  Trap location: Global, Impact: Low
# of uploads: 2
# of downloads: 33
Origin country: FR
CAPE Sandbox
  Detection: Loki
  Link: https://www.capesandbox.com/analysis/16763/
ClamAV: SecuriteInfo.com.Variant.Ursu.927885.17705.16054.UNOFFICIAL
CERT.PL MWDB
  Detection: lokibot
  Link: https://mwdb.cert.pl/sample/f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9/
ReversingLabs
  Status: Malicious
  Threat name: ByteCode-MSIL.Trojan.Injector
  First seen: 2020-06-30 01:42:32 UTC
  AV detection: 24 of 31 (77.42%)
  Threat level: 5/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage
  Score: 5/10
  Malware Family: n/a
  Link: https://tria.ge/reports/200630-rmm7db6xbs/
  Tags: n/a
VirusTotal: Virustotal results 47.95%

Yara Signatures


Rule name: Lokibot
Author: JPCERT/CC Incident Response Group
Description: detect Lokibot in memory
Reference: internal research

Rule name: win_lokipws_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: win_lokipws_g0
Author: Slavo Greminger, SWITCH-CERT

Rule name: with_sqlite
Author: Julian J. Gonzalez <info@seguridadparatodos.es>
Description: Rule to detect the presence of SQLite data in raw image
Reference: http://www.st2labs.com

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

Executable exe f22d7dc547bfce01ab9f42f71a1ac6e4d0c164187a886d43861b49015520cbd9 (this sample)
