MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74b407cd2ea449ad72f7990b376f2212c917da526e0eac7052a71514a12081b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: 74b407cd2ea449ad72f7990b376f2212c917da526e0eac7052a71514a12081b5
SHA3-384 hash: b01951ae4a137b5af25d720bb95c95132c5b5bd4b6db324c2f7efa5e5d135cf49a440907ae317eccf9a407456254992d
SHA1 hash: 7ceae0e664c6699fac0cdc4fd8d71388a3d874f0
MD5 hash: 0d1ee8598dfac82e43c6e943ad820892
humanhash: indigo-magazine-vegan-failed
File name: 850135.exe
Signature: Loki
File size: 271'360 bytes
First seen: 2020-03-18 08:56:24 UTC
Last seen: 2020-03-18 18:35:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'741 x AgentTesla, 19'606 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 6144:BuLJ9gz0EQ4jQ+eYhb9SyTQMRgF2Awq6HfZKGXBtQ:BYY0EQ4jQ+eY19G2Jq6HfZNBtQ
Threatray: 104 similar samples on MalwareBazaar
TLSH: E844BD80917C89CAEFFF4E7D1971D881D5CE66642E87B38B390E55FA101602469BAFCC
Reporter: jarumlus
Tags: Loki

Intelligence


File Origin
# of uploads: 2
# of downloads: 89
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kryptik
Status: Malicious
First seen: 2020-03-18 03:37:01 UTC
File Type: PE (.Net Exe)
Extracted files: 2
AV detection: 27 of 31 (87.10%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Loki
Executable exe 74b407cd2ea449ad72f7990b376f2212c917da526e0eac7052a71514a12081b5 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
