MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 18


Intelligence 18 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
SHA3-384 hash: 5e46b63f503611d68ee394569e48893b147d04a773876112515269610c2173fa75624d5187fa3b77cf516c3ac6f986f3
SHA1 hash: 5cc4a7788951efe812b948787a904d44e2c6e0b4
MD5 hash: 482b789757748639f1650439cee279ab
humanhash: spring-victor-magnesium-lake
File name:51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
Download: download sample
Signature Loki
Create hunting rule
File size:699'392 bytes
First seen:2023-07-06 11:09:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:Hd6L7PV1fFiObhaDnLMzIL2q+RTdOL8yjhgQtn82SU/m30Iltu1rGH4hjJugruc3:2OyqGUL8shXteE8tSrGHWjJugH
Threatray 4'311 similar samples on MalwareBazaar
TLSH T196E401A833E3540FCE6E7FBD19890BB9C9F9AA023112D2474EE7784DDC68F558A40257
TrID 63.0% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.2% (.SCR) Windows screen saver (13097/50/3)
9.0% (.EXE) Win64 Executable (generic) (10523/12/4)
5.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon b2ccf4e0e8d1c29c (12 x AgentTesla, 10 x Loki, 2 x SnakeKeylogger)
Reporter adrian__luca
Tags:exe Loki

Intelligence

File Origin
# of uploads :
1
# of downloads :
286
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
lokibot
Create hunting rule
ID:
1
File name:
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
Verdict:
Malicious activity
Analysis date:
2023-07-06 11:10:45 UTC
Tags:
trojan lokibot
Link:
https://app.any.run/tasks/8b307ac5-3811-4dc5-bac6-8c024d89fa85

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
LokiBot
Create hunting rule
Link:
https://www.capesandbox.com/analysis/409043/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.67412965.8687.17103.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Restart of the analyzed sample
Creating a file
Сreating synchronization primitives
Reading critical registry keys
Enabling the 'hidden' option for analyzed file
Stealing user critical data
Moving of the original file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
clipbanker comodo darkkomet packed
Link:
https://www.filescan.io/uploads/64a6a10cbf106cbffd375098/reports/c96c79fa-f4a5-4acd-a086-c77c698ba95c/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Loki
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3b9953db-5aac-466b-8cef-0ea1dee2695f
Result
Threat name:
Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1268055
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Yara detected aPLib compressed binary
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
lokibot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-06-07 01:00:12 UTC
File Type:
PE (.Net Exe)
Extracted files:
23
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kejuyjstyrjd6gik2bqwqnwp33tvghnqhjsgfjinqdrmm5gcx3ka._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
58036d338d5e813b0143524d21a140f38d8b58f1a531b72f7ce4a82091380185
Loki
6053c4c96027a86c60053056dc1f2a90142179b628d82f4ac73315ddf36bf544
Loki
7401a0994cadfc28e5997fb08b5f9e519422241b0edc10c40e0ec01b405b6aa0
Loki
936b0a2add95132c07e4bc7ab3864171e397b5917bf193f7ff99484c2058816c
Loki
c6b9515b2ec0ab542e367db58cefdedcd446f00ea5bf864ed1906c38ceba1e1a
Loki
+ 4'301 additional samples on MalwareBazaar
Result
Malware family:
lokibot
Create hunting rule
Score:
  10/10
Tags:
family:lokibot collection spyware stealer trojan
Link:
https://tria.ge/reports/230706-m9pkgaab64/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
outlook_win_path
Drops file in System32 directory
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Reads user/profile data of web browsers
Lokibot
Malware Config
C2 Extraction:
http://185.246.220.85/office2/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Unpacked files
SH256 hash:
62d9c0c00bb0380c0ec4aaf7c3008217aa16a317081fdee115b20c03a071617d
MD5 hash:
02e415009df292823b000434b3a7aa0d
SHA1 hash:
fe22681ebd573f612a68c4fb3e83c0a91e662db9
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
f3eae9e4303c03d39031225fc2b5211149cb10df33cd828f56f9a63b6def9094
MD5 hash:
07330777b3035d6ab4d869bba6fc153c
SHA1 hash:
b15f0cbd60884102999e04e5db8b78346002b8ad
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
85fb18a6c0ec50975019519d91273ecc70c6256a386cc9c56517da7e4047009d
MD5 hash:
09234e1fbb3d4604641bd26eded89dac
SHA1 hash:
ab154f8cf1f10da80b718029ad0e6bfacc4f9273
Detections:
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
Parent samples :
c4450299400ee66eff8208e7f2f65ccbcd34d29350820d7997e27ae50b408241
141eef5010b1211cb42d8209ecb8b41db12a4222086beadded2c8ec5b3457a2f
d1f011508f3fcc568d618796652b5aed02d86c0a0f9c5007385cc50fce7dd532
88ab1b089e6766141839ed227c35daa3b4b7c9dc83948427cec997ee50ddb7ce
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
d6a104f362797984fae0656ca94510b6a0ec68331fe8eb92f006d9c408974116
MD5 hash:
31bd1242e6dc5d37156895742e1e466d
SHA1 hash:
0a2e2697de7b91d64bb6d296200cde585a9f7eaa
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
62d9c0c00bb0380c0ec4aaf7c3008217aa16a317081fdee115b20c03a071617d
MD5 hash:
02e415009df292823b000434b3a7aa0d
SHA1 hash:
fe22681ebd573f612a68c4fb3e83c0a91e662db9
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
f3eae9e4303c03d39031225fc2b5211149cb10df33cd828f56f9a63b6def9094
MD5 hash:
07330777b3035d6ab4d869bba6fc153c
SHA1 hash:
b15f0cbd60884102999e04e5db8b78346002b8ad
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
85fb18a6c0ec50975019519d91273ecc70c6256a386cc9c56517da7e4047009d
MD5 hash:
09234e1fbb3d4604641bd26eded89dac
SHA1 hash:
ab154f8cf1f10da80b718029ad0e6bfacc4f9273
Detections:
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
Parent samples :
c4450299400ee66eff8208e7f2f65ccbcd34d29350820d7997e27ae50b408241
141eef5010b1211cb42d8209ecb8b41db12a4222086beadded2c8ec5b3457a2f
d1f011508f3fcc568d618796652b5aed02d86c0a0f9c5007385cc50fce7dd532
88ab1b089e6766141839ed227c35daa3b4b7c9dc83948427cec997ee50ddb7ce
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
62d9c0c00bb0380c0ec4aaf7c3008217aa16a317081fdee115b20c03a071617d
MD5 hash:
02e415009df292823b000434b3a7aa0d
SHA1 hash:
fe22681ebd573f612a68c4fb3e83c0a91e662db9
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
d6a104f362797984fae0656ca94510b6a0ec68331fe8eb92f006d9c408974116
MD5 hash:
31bd1242e6dc5d37156895742e1e466d
SHA1 hash:
0a2e2697de7b91d64bb6d296200cde585a9f7eaa
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
f3eae9e4303c03d39031225fc2b5211149cb10df33cd828f56f9a63b6def9094
MD5 hash:
07330777b3035d6ab4d869bba6fc153c
SHA1 hash:
b15f0cbd60884102999e04e5db8b78346002b8ad
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
85fb18a6c0ec50975019519d91273ecc70c6256a386cc9c56517da7e4047009d
MD5 hash:
09234e1fbb3d4604641bd26eded89dac
SHA1 hash:
ab154f8cf1f10da80b718029ad0e6bfacc4f9273
Detections:
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
Parent samples :
c4450299400ee66eff8208e7f2f65ccbcd34d29350820d7997e27ae50b408241
141eef5010b1211cb42d8209ecb8b41db12a4222086beadded2c8ec5b3457a2f
d1f011508f3fcc568d618796652b5aed02d86c0a0f9c5007385cc50fce7dd532
88ab1b089e6766141839ed227c35daa3b4b7c9dc83948427cec997ee50ddb7ce
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
d6a104f362797984fae0656ca94510b6a0ec68331fe8eb92f006d9c408974116
MD5 hash:
31bd1242e6dc5d37156895742e1e466d
SHA1 hash:
0a2e2697de7b91d64bb6d296200cde585a9f7eaa
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
62d9c0c00bb0380c0ec4aaf7c3008217aa16a317081fdee115b20c03a071617d
MD5 hash:
02e415009df292823b000434b3a7aa0d
SHA1 hash:
fe22681ebd573f612a68c4fb3e83c0a91e662db9
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
f3eae9e4303c03d39031225fc2b5211149cb10df33cd828f56f9a63b6def9094
MD5 hash:
07330777b3035d6ab4d869bba6fc153c
SHA1 hash:
b15f0cbd60884102999e04e5db8b78346002b8ad
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
85fb18a6c0ec50975019519d91273ecc70c6256a386cc9c56517da7e4047009d
MD5 hash:
09234e1fbb3d4604641bd26eded89dac
SHA1 hash:
ab154f8cf1f10da80b718029ad0e6bfacc4f9273
Detections:
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
Parent samples :
c4450299400ee66eff8208e7f2f65ccbcd34d29350820d7997e27ae50b408241
141eef5010b1211cb42d8209ecb8b41db12a4222086beadded2c8ec5b3457a2f
d1f011508f3fcc568d618796652b5aed02d86c0a0f9c5007385cc50fce7dd532
88ab1b089e6766141839ed227c35daa3b4b7c9dc83948427cec997ee50ddb7ce
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
d6a104f362797984fae0656ca94510b6a0ec68331fe8eb92f006d9c408974116
MD5 hash:
31bd1242e6dc5d37156895742e1e466d
SHA1 hash:
0a2e2697de7b91d64bb6d296200cde585a9f7eaa
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
62d9c0c00bb0380c0ec4aaf7c3008217aa16a317081fdee115b20c03a071617d
MD5 hash:
02e415009df292823b000434b3a7aa0d
SHA1 hash:
fe22681ebd573f612a68c4fb3e83c0a91e662db9
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
f3eae9e4303c03d39031225fc2b5211149cb10df33cd828f56f9a63b6def9094
MD5 hash:
07330777b3035d6ab4d869bba6fc153c
SHA1 hash:
b15f0cbd60884102999e04e5db8b78346002b8ad
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
85fb18a6c0ec50975019519d91273ecc70c6256a386cc9c56517da7e4047009d
MD5 hash:
09234e1fbb3d4604641bd26eded89dac
SHA1 hash:
ab154f8cf1f10da80b718029ad0e6bfacc4f9273
Detections:
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
lokibot
Create hunting rule
win_lokipws_auto
Create hunting rule
win_lokipws_g0
Create hunting rule
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
Parent samples :
c4450299400ee66eff8208e7f2f65ccbcd34d29350820d7997e27ae50b408241
141eef5010b1211cb42d8209ecb8b41db12a4222086beadded2c8ec5b3457a2f
d1f011508f3fcc568d618796652b5aed02d86c0a0f9c5007385cc50fce7dd532
88ab1b089e6766141839ed227c35daa3b4b7c9dc83948427cec997ee50ddb7ce
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
SH256 hash:
3f1bb439dc1e39bdc7ea992cdbacc9583d53e6c4949433f94a8e5be5fa4d3d29
MD5 hash:
be030d800cea4838ad5a4a7559ed3c32
SHA1 hash:
81a03d90b451475d7b229ae91a811800e03f6cb2
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
d6a104f362797984fae0656ca94510b6a0ec68331fe8eb92f006d9c408974116
MD5 hash:
31bd1242e6dc5d37156895742e1e466d
SHA1 hash:
0a2e2697de7b91d64bb6d296200cde585a9f7eaa
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
SH256 hash:
51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4
MD5 hash:
482b789757748639f1650439cee279ab
SHA1 hash:
5cc4a7788951efe812b948787a904d44e2c6e0b4
Link:
https://www.unpac.me/results/aa8ec1a2-9d15-4da9-bbe3-21c747984576/
Malware family:
Lokibot
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/51134c2653c4/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Lokibot
Score:
0.90
Link:
https://yomi.yoroi.company/submissions/51134c2653c4523f190ad0616836cfdee7531db03a6462a50d80e2c674c2bed4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/409043/

Comments