MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1224967aa7aa8b416aae37b76dc075255948fcf66a6986a880dd00f0ca17737e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1224967aa7aa8b416aae37b76dc075255948fcf66a6986a880dd00f0ca17737e
SHA3-384 hash: 04f217c0b7575fcc3a60d7624251ab69dfc0d2cedf9684c84d676b514bac5c6d6f00ba28726b58737c0266581ec136d2
SHA1 hash: f8fd51dca2c56be57da42e01e72a09a96134ea1a
MD5 hash: 8a83f02411ea93962b23bbaa9cd29e9a
humanhash: butter-river-early-louisiana
File name:New PO#7597072020.exe
Download: download sample
Signature Loki
Create hunting rule
File size:102'400 bytes
First seen:2020-04-09 06:37:01 UTC
Last seen:2020-04-09 07:24:05 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4bc8a44f49f9e1707bdf0a0c8b95d9c8 (1 x Loki)
ssdeep 768:uitfsEX9wCwM10swsBn1gvj4tXSLjgUv9ZbZfBf:HfFaVMBw0nuj4FSLjgUv9PfBf
Threatray 958 similar samples on MalwareBazaar
TLSH D1A3E561FBD0FEA4E4444EB249F186B80924AD308E657A0379C67B7D3EB44E27681F47
Reporter cocaman
Tags:exe Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Ponystealer-7648176-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-09 02:55:19 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=cisjm6vhvkfuc2vog63w3qdvevmur7hwnjuynkea3uapbsqxon7a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
14885a4bfd76cdb49db108d03ce3a8c88c301c786eed577606aaacc49d673bfa
Loki
1e22fffb30866578e2bae67b3a138e194853123914d5fa82440f6a2058bfdb3e
Loki
233b77662bc561852146198761fa55b8bd63b0c075150b8ea02a92aa2f5212e6
Loki
4e49f8ed15a69e1147ae9428c9e5b4d4aa928769f261627abc059d2060e94a6b
Loki
54a1f9c8f39feac2378a5e2221e95dc41167cd80d541f448e0ec3e347f183029
Loki
6617979630def30c8a103baceedd1ddb972a53b984de91682aa93451faf833bb
Loki
726156ccca0ba0077df20db0e438db482c7197d69453b890332ed69a9e509352
Loki
7848e6e1c38a88fffa92f4ef02ecbf2ac332f2c12a42b04f6d0ac186ad815c21
Loki
ca73b141e59412b434f105fef26227cea43190fbf99e7be806f00b9b9f7a9428
Loki
d9073504ba97540b65006d851251f330bcfb130500daad9a7f8616cb5a6a9ba0
Loki
+ 948 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

zip 933209274ed4f7eeb6884135bcab8a531f1447468e213dc8b2d8198c5c6b8de0

Loki

Executable exe 1224967aa7aa8b416aae37b76dc075255948fcf66a6986a880dd00f0ca17737e

(this sample)

Loki

Executable exe 77c155dec91e95418d92156933299c5230623cdd2301651a335a28dbcc8e7d3a

  
Delivery method
Other
  
Dropped by
SHA256 933209274ed4f7eeb6884135bcab8a531f1447468e213dc8b2d8198c5c6b8de0
  
Dropping
SHA256 77c155dec91e95418d92156933299c5230623cdd2301651a335a28dbcc8e7d3a
  
Dropping
MD5 24c9a60da3297304e3bbf529832bce01

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments