MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 008c8a71668c7c7b83c38e28700e78ded26da69e6cddcb3cf4c85305ae27b7fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 008c8a71668c7c7b83c38e28700e78ded26da69e6cddcb3cf4c85305ae27b7fe
SHA3-384 hash: 59e209c56475dc33709b7de9b8116b42df77fb7e2d824aa7b9f1f096b729ea7fcfabd4e15ddc9dff51d3e7560ffb7935
SHA1 hash: 7029db042492e253df6186ba72fce2f2489ccdd9
MD5 hash: c4a19b08c949ba99904fe7507717aec0
humanhash: nevada-emma-september-oxygen
File name:cjcrypttt.exe
Download: download sample
Signature Loki
Create hunting rule
File size:907'776 bytes
First seen:2020-04-27 22:23:32 UTC
Last seen:2020-04-27 22:41:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'751 x AgentTesla, 19'657 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 6144:/phSv9QVNgI2hzFEc3aRt2fhpnS5ebSmNnSOKCkMFtklmxMFlp2z/ZoYqEHQ:/phSv9QVPewoBlSskMFtIYtDHQ
Threatray 1'481 similar samples on MalwareBazaar
TLSH 31158D201FA8292AD18F6338D161C93693F5DD1A6306D34D55C8BDEB35B33A6CA076E3
Reporter James_inthe_box
Tags:exe Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.MSIL.Kryptik.VQD.2128.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-04-27 22:23:07 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
15e832cfe4bca263c941f26d1da9bfdac36340a2ee29ad62cd0c7cb5037b0b6d
Loki
3d611ca54f64546327d9bc6993662d5058a7f07fa8e16b81fc7ee6ff60d952f2
Loki
3f423a4bed38af85be2527d22db419c4796f4483ba87f9560dc12aa932c66209
Loki
4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf
Loki
722521ac19cd30a318eb191975eecadb389fe26c681d76f1c5da92dc8fabac4f
Loki
7ca87455dd2039c423ae801536485e5837fb89ac22f363c498f873d030fb6768
Loki
9c043fb2d5fbffc0095d4b7c17cae0213d1cb4e6b4dd1a0cc2c24b9a2cee19fa
Loki
aa699d6811b7b84893adc0734f2d1b044903ffd15d68ccde38002f34057c35fe
Loki
b1c1df9daeb93473a208117db8782e0a6245e3b8c6f13da6405a79a1e36ab821
Loki
cd1c77cf56fa182cd0a4ee201381eb27c1c959960ed4eb89501f04ab0c620660
Loki
+ 1'471 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/352582/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments