MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 215efb4d72a987d380f71ce2cea15cb73c3084253026a2c80efd7a3c83ae5f9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loda


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 215efb4d72a987d380f71ce2cea15cb73c3084253026a2c80efd7a3c83ae5f9f
SHA3-384 hash: 859bd7107a67aabe0fe120508da1a8ab45e56af390bb1695f814345b00865a8aa6d53be052b40e6b0631ec01b1205143
SHA1 hash: 0974d7a42fcff200dd181f87fcc28f956b0d01f1
MD5 hash: a63b5bcdaf023f3a7b98af1b7ec5b7fb
humanhash: fish-august-speaker-hamper
File name:Order_Payment.exe
Download: download sample
Signature Loda
Create hunting rule
File size:1'387'520 bytes
First seen:2020-05-05 11:38:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 24576:2Vm6Pfw32+VExoSjXdmyWEx84ctjplzmhjTepGVYWUzM5:2Dw3dejNvxtilyw05
Threatray 1'103 similar samples on MalwareBazaar
TLSH CF55F19D766075DFC85BC8728EA81C64EA61747B835BC203A02316ED9E4D99BCF244F3
Reporter abuse_ch
Tags:exe Loda


Avatar
abuse_ch
Malspam distributing Loda:

HELO: slot0.globalpumps-com.ga
Sending IP: 64.52.84.4
From: Global PUMPS LTD <info@globalpumps-com.ga>
Reply-To: Global PUMPS LTD <airwestm@unamaf-undp.org>
Subject: Re: Order
Attachment: Order_Payment.rar (contains "Order_Payment.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
123
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 13:12:00 UTC
File Type:
PE (.Net Exe)
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=efppwtlsvgd5hahxdtrm5ik4w46dbbbfgatkfsao7v5dza5ol6pq._file
Verdict:
malicious
Similar samples:
180e63e884c208203b6f222673df84b703a55db642fcbc97183a979fc01381b8
Loda
1e7645dc4a6c0905d8d8ab0674ea1e775f6d363f7294ae4d64837b21f93d6959
Loda
2f53c96770351e95583b6c3d3bde7c4d44f0fc9e324517fd084a61000ed63dde
Loda
7f806ac81a2365986c7d65f22b5459125937b184a6f13208bad4cb684bc70260
Loda
95654631036f198ae09278641c978609781eee27cdff60dcfe05ba72b367eee7
Loda
accfb8da98afdd5a90448bcdead0ce0913e7c1c505a0e4a4fe661fb4dae3da6f
Loda
ad791a10ed33af49c6613064847d3d9614db17ad9b91e048c897781450c07ae1
Loda
d488a34718cf2db560dd4c62ccb5fac527cc192716c2d166a71f98abd384aba6
Loda
e4319ba20af83dd8ba6041fd70c3c27dc2c79c648de642487fc1a217e0549fc8
Loda
f06eba869afb58e91c7cabb96fdbe08480ab3a45f01ab2e2ac194c8c222bace0
Loda
+ 1'093 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-zwy1b45lln/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetThreadContext
Drops startup file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loda

rar 1dce260ae8abe296f472eb76bdae463df5400a9a561025a72e99d5026724ab82

Loda

Executable exe 215efb4d72a987d380f71ce2cea15cb73c3084253026a2c80efd7a3c83ae5f9f

(this sample)

  
Dropped by
MD5 fac9631769543ee78a88aed9a60ab9a0
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 1dce260ae8abe296f472eb76bdae463df5400a9a561025a72e99d5026724ab82

Comments