MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loda

Vendor detections: 16

Intelligence 16 IOCs YARA 9 File information Comments

SHA256 hash:	1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9
SHA3-384 hash:	dc96a47738362c5a9ebe1e8e995ac205d38fe1fa49aeda895c8a381d57143059b8b1eb054a7ec7121be95645645f8061
SHA1 hash:	4d09253f02c14d7f1980af0ee69e33229fff48f8
MD5 hash:	e8bb5258931dc7ca03cab15da40d5bf3
humanhash:	vegan-ack-jersey-pizza
File name:	YHUVRV.exe
Download:	download sample
Signature	Loda Create hunting rule
File size:	1'110'016 bytes
First seen:	2025-10-14 18:23:30 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	ef471c0edf1877cd5a881a6a8bf647b9 (83 x Formbook, 33 x Loki, 32 x Loda)
ssdeep	24576:VhloDX0XOf40lb0IAPlUCeePkUPMOPOUYYF35qVkc:VhloJfJb+PUefMAfpqVk
TLSH	T10435E09A5D454AF7E31CF03080F3772D237EDE3A3E961F0CE9AE7EA862744492599412
TrID	31.3% (.EXE) UPX compressed Win32 Executable (27066/9/6) 30.7% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 12.1% (.EXE) Win64 Executable (generic) (10522/11/4) 7.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 5.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika	pebin
dhash icon	b881848a8a0ce0d8 (4 x Loda, 1 x zgRAT, 1 x AveMariaRAT)
Reporter	Anonymous
Tags:	exe Loda

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

_1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9.exe

Verdict:

Malicious activity

Analysis date:

2025-10-14 18:29:29 UTC

Tags:

upx autoit

Link:

https://app.any.run/tasks/67f1c282-f910-4c5f-ad27-e051b588f305

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/32813/

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68ee960004e22ce9acda1c87

Tags:

autoit

Result

Verdict:

Suspicious

Maliciousness:

Behaviour

Creating a window

Running batch commands

Creating a process with a hidden window

Launching a process

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

autoit compiled-script microsoft_visual_cc obfuscated overlay packed packed packed packer_detected upx

Link:

https://www.filescan.io/uploads/68ee9772fe81c560ba58d371/reports/2fd65132-ae1a-4f48-bd59-438a97ed05f8/overview

Verdict:

Malicious

Labled as:

Suspicious:Packed.Autoit.H.bhqf

Link:

https://www.hybrid-analysis.com/sample/1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-10-14T12:20:00Z UTC

Last seen:

2025-10-14T12:59:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/1617e96c-3770-47db-8830-ed281d71007b

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9

Verdict:

Malware

YARA:

5 match(es)

Tags:

AutoIt Decompiled Executable PE (Portable Executable) PE File Layout Suspect Win 32 Exe x86

Link:

https://app.malva.re/file/e8bb5258931dc7ca03cab15da40d5bf3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9/

Verdict:

Malicious

Threat:

Backdoor.Script.LodaRat

Link:

https://tip.neiki.dev/file/1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9

Threat name:

Win32.Trojan.AutoitInject

Status:

Malicious

First seen:

2025-10-14 18:13:57 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 24 (91.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=crmkrioebxf23jpb7u6yme4gs5iwbq2dc6iifxjmo44mciobhpeq._file

Verdict:

malicious

Label(s):

autoit

Similar samples:

error

Loda

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery execution persistence upx

Link:

https://tria.ge/reports/251014-w641estqv6/

Behaviour

NTFS ADS

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

AutoIT Executable

UPX packed file

Adds Run key to start application

Executes dropped EXE

Verdict:

Malicious

Tags:

Txt.Malware.LodaRAT-9769386-0

YARA:

n/a

Link:

https://app.threat.zone/submission/fe99fcab-5e3e-498a-80bc-4dc3426c2ad2

Unpacked files

SH256 hash:

1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9

MD5 hash:

e8bb5258931dc7ca03cab15da40d5bf3

SHA1 hash:

4d09253f02c14d7f1980af0ee69e33229fff48f8

Link:

https://www.unpac.me/results/8abbf1f1-8160-41fb-a104-a224bd7fe694/

SH256 hash:

661e9f3734ae7fc19ee7328c254e2cf9fb347c0b877f6c4983d881be467c21e0

MD5 hash:

3b86e45a89288f2c512d2510369b75e8

SHA1 hash:

a0c457fa7ab438ee44050bbd4183fd05e7690a93

Detections:

AutoIT_Compiled

Link:

https://www.unpac.me/results/8abbf1f1-8160-41fb-a104-a224bd7fe694/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1458a8a1c40dcbada5e1fd3d861386975160c343179082dd2c7738c121c13bc9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	AutoIt Create hunting rule
Author:	Jean-Philippe Teissier / @Jipe_
Description:	AutoIT packer

Rule name:	AutoIT_Compiled Create hunting rule
Author:	@bartblaze
Description:	Identifies compiled AutoIT script (as EXE). This rule by itself does NOT necessarily mean the detected file is malicious.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser Create hunting rule
Author:	malware-lu

Rule name:	upx_largefile Create hunting rule
Author:	k3nr9

Rule name:	YahLover Create hunting rule
Author:	Kevin Falcoz
Description:	YahLover

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/32813/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample