MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0
SHA3-384 hash: 22c6e63a48db36f71bb19bf19e1eb86d738699a59c4c84ce78ee2688343bac91153aa2f14dc3f2dc86784aff7569862e
SHA1 hash: 7c649af5906061be070719f578c18ed7e56227f5
MD5 hash: 57b4d9a275d11b20fa11b9668b3153b9
humanhash: vermont-juliet-alpha-nevada
File name:CAODUONGCOLTDQuotation.exe
Download: download sample
Signature Loki
Create hunting rule
File size:870'400 bytes
First seen:2021-03-15 13:13:54 UTC
Last seen:2021-03-15 14:45:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:COVs4iLOLHwZQwd0WXYoaOVempl8Ud0h6ISo33wUjJ7U:hHQQwdW9Ocmpl8Ic6IZwk
Threatray 423 similar samples on MalwareBazaar
TLSH 0D054A203E968035E432DAB75B966177AD6E6F263B05F4FD3E7073C60633943A9C1229
Reporter info_sec_ca
Tags:exe Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
CAODUONGCOLTDQuotation.exe
Verdict:
No threats detected
Analysis date:
2021-03-15 13:17:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/00fcaf48-264d-4e3d-b584-c915ad8b921c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.577.30539.3747.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e830311d-9a73-43c6-b7b2-c2b806e371c5
Result
Threat name:
Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/639505
Signature
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Found malware configuration
Initial sample is a PE file and has a suspicious name
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected aPLib compressed binary
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-03-15 11:07:48 UTC
AV detection:
14 of 28 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=myliiof3go7bmpppx4ktwsxdq3ge3b6u7kl32bxgnn3fstcxypqa._file
Verdict:
suspicious
Similar samples:
081bf032ec84c1504a1ec0d43302699c3de788ea5172dcd94a5fcdbb427ffb21
Loki
1dc7babb988cab4431b991c50abbbe696175f0447dcb699c39874934ae43bc1c
Loki
268f6ad0fa829df8641b4ca939eb591da6659e4824f998669c96fdf21284598e
Loki
3ed517e03182938065c9a5d0c3e97bfc763d36e6b34b9d41472e08549a9a3108
Loki
411e56b415d4c23a741958c3f1ada72b3e958c078d27c339678bb690b7a895c3
Loki
5010873836e314d8616a46d51564dff26a2d35cf39a00f6981783cf9c486b215
Loki
723fc2a02ff16459dad6943d5f8de485253aec7d7fcc0f43cc095edef3876200
Loki
98820c48f104e5644529c8e9b012e7c2de6aca35aca322b342ccd23aefdedc96
Loki
cbda0cb5e73c569728dbc6898745de0e6d024bc2e7f7d3dfebf19caecda5d912
Loki
f5ce9b9e842592913ed4e6e1dafe695eae938aa52d4e232ac5be3e52387db7c6
Loki
+ 413 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210315-d2dwmyw8ae/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0
MD5 hash:
57b4d9a275d11b20fa11b9668b3153b9
SHA1 hash:
7c649af5906061be070719f578c18ed7e56227f5
Link:
https://www.unpac.me/results/ca0dd5ae-d337-444d-9ca4-7197272df59a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.49
Link:
https://yomi.yoroi.company/submissions/66168438bb33be163defbf153b4ae386cc4d87d4fa97bd06e66b76594c57c3e0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments