MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29f4955e8b756287e4a4b37872b8fef347c23749869d0a42e71512051fe6f0ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 29f4955e8b756287e4a4b37872b8fef347c23749869d0a42e71512051fe6f0ac
SHA3-384 hash: b05b73810166348afa02822ddc6c78675159e8d34927b41b032c8a3c6705976275aed0e09b956ee825574cd4f70e4242
SHA1 hash: bd7c44a34d489c623f5b96b4b37e870447a656be
MD5 hash: d1bc40112092432e5efad8c8854f4905
humanhash: august-four-oscar-equal
File name:urgent order confirmation.exe
Download: download sample
Signature Loki
Create hunting rule
File size:49'152 bytes
First seen:2020-04-27 23:15:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ee0954492d093901a2d64b67f066ca2e (1 x Loki)
ssdeep 768:+0bOGdvdVAHc3ikyYhiT/jxMv/WPLpfzAJLK:zCyvdVA8ykyYhSjSv/UpfzAI
Threatray 1'548 similar samples on MalwareBazaar
TLSH 8923DA615DFA24F7E22EC57B06392AEAC5756FBF2521B843AFB1F144E8B08178061713
Reporter c_APT_ure
Tags:Loki

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7536007-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-01-15 01:34:36 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  2/5
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
168cd5b5e4d1dfec48777cdc97b74c7b33dca67d176f9add9bb94fa89905db38
Loki
337471a86433031e87027a6459fee04e490ddfc016d4d7eab062e0a1e09ca138
Loki
63a5b27aaccab499d4e56d6606d9495484685be3f63817f9e90a61330bcffe38
Loki
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
Loki
c2a89ad45cb8155c18ddea788ecbc9ba9643ecd4e93e9711a736af4a52091632
Loki
c92140fa8005261ee9d5c20c08fe5fd74816dbabaa1404f61444991db497bac1
Loki
cffb28f48a39b040f06f0563eaaac0a99f06accf37cc5da95383805c17c583c3
Loki
e0a55cba6885e046f0eb064179877af39b10f3d8cc74b8c697ea7c8cda6ab739
Loki
ee4bbc371656858005f8d7f3315d21327f447f7aa521c2e9c2d46799841f3e02
Loki
f78f5eeea8bfec17ed985d71b265dd5be1bb90f781004a6a473e2e116abe144e
Loki
+ 1'538 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaLateMemCallLd

Comments