MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c53e1f63d1d88bc24f08cdb03e119ebedd27c84802f3b012b7a424ea9ed8e5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7c53e1f63d1d88bc24f08cdb03e119ebedd27c84802f3b012b7a424ea9ed8e5f
SHA3-384 hash: 3f9b65c0387151a53764a2d979bb538939e88f38c497e50173cb867fd383cbb8de2846989e76524206fb7f8af9a886fe
SHA1 hash: 3d04e1a8b13332fbc8788135b6463665a78c4a3e
MD5 hash: 21f758ff30bce6b14ac5f969c7462c33
humanhash: connecticut-moon-gee-six
File name:SOA_AC.exe
Download: download sample
Signature Loki
Create hunting rule
File size:128'167 bytes
First seen:2021-06-29 06:31:42 UTC
Last seen:2021-06-29 08:08:13 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ced282d9b261d1462772017fe2f6972b (127 x Formbook, 113 x GuLoader, 70 x RemcosRAT)
ssdeep 3072:iBkfJpRXATwMdFCcGbatofPrjCtza+maguSk+wUEpfvjtrN7jIfF:iqjIKOoXrIz6kD5pfVaF
Threatray 3'335 similar samples on MalwareBazaar
TLSH 90C3025135C0D4F7C7A502B04A376786DFE9A30821B9574BB3605F8F7E53A86CA0DA63
Reporter Anonymous
Tags:exe Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SOA_AC.exe
Verdict:
Suspicious activity
Analysis date:
2021-06-29 05:51:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ae5fdcf6-b910-42cb-ae50-434953a6f8ad

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Loki
Create hunting rule
Link:
https://www.capesandbox.com/analysis/168678/
Detection(s):
SecuriteInfo.com.Zum.Androm.1.17668.13694.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Loki
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3081f255-a81b-4365-b596-83f5bb144219
Result
Threat name:
Lokibot
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/809157
Signature
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected aPLib compressed binary
Yara detected Lokibot
Behaviour
Behavior Graph:
Download SVG
Detection:
lokibot
Create hunting rule
Link:
https://mwdb.cert.pl/sample/7c53e1f63d1d88bc24f08cdb03e119ebedd27c84802f3b012b7a424ea9ed8e5f/
Threat name:
Win32.Trojan.Gorgon
Create hunting rule
Status:
Malicious
First seen:
2021-06-29 04:34:41 UTC
AV detection:
17 of 46 (36.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=prj6d5r5dwelyjhqrtnqhyiz5pw5e7eeqaxtwajlpjbe5kpnrzpq._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
Similar samples:
0c4efefcd2850c9764e65fb0f5a084573dfb65c7103b4513781c02e06e21c83a
Loki
0f1d9f17d6380c6318f136f9f951922cffd80ba90fa8748ab88e6fd0b0b19ceb
Loki
47aa20a304624dbf8b71da1804f3f848ab12f2797390d0788067b542dc2c6a9c
Loki
52ffdd3bc0de63eb8f6cd8a90373eaf3bcc37bb0804fc4eaad228d34ea5f293d
Loki
616b49735927d0f2a78649237770fe83d86db4c50731ac38b8395b85a67ac2e2
Loki
9052aad9939016a738e74974b7d741647ade7d19c954bf8969af30e5a666eb97
Loki
90d83343f51a1ec0472c4dfd7c887ee13cf79e060632c45e75cd43ff90450810
Loki
c4039980d8050f9deeba61533e38ffff74571e48f7304940825852c2cf8f0932
Loki
cf047a5781d40b7500be89db809fe4343223b20e043819bbba6511ed4f5858e1
Loki
d324d33233edf16f00bb4c9a06a14eee0ef15f8d90a3b9f62213e0ea9054312d
Loki
+ 3'325 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210629-jk5sd3rj1n/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Loads dropped DLL
Unpacked files
SH256 hash:
358fc3e3221a008b3daf345041d1d004c540886e81845ff29bce7e1dc641c88a
MD5 hash:
e271269e83c61ad8781fc8067ad85895
SHA1 hash:
dff99686cc4c36ed9826e6eed5fb88fc110a0f0d
Link:
https://www.unpac.me/results/8444bf1c-79f2-4b70-9e1b-3fce790636be/
SH256 hash:
cdf729ec33e39bf7e7106f8d5ad878fc6b94b5c5e79f70cc0f14f77df30f9afa
MD5 hash:
6d07114598825f0578ca601de7b3ff12
SHA1 hash:
6d069860e61dbfb7949bd2eb48fe1f3ad49ea0ae
Detections:
win_lokipws_g0
Create hunting rule
win_lokipws_auto
Create hunting rule
Link:
https://www.unpac.me/results/8444bf1c-79f2-4b70-9e1b-3fce790636be/
SH256 hash:
7c53e1f63d1d88bc24f08cdb03e119ebedd27c84802f3b012b7a424ea9ed8e5f
MD5 hash:
21f758ff30bce6b14ac5f969c7462c33
SHA1 hash:
3d04e1a8b13332fbc8788135b6463665a78c4a3e
Link:
https://www.unpac.me/results/8444bf1c-79f2-4b70-9e1b-3fce790636be/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.67
Link:
https://yomi.yoroi.company/submissions/7c53e1f63d1d88bc24f08cdb03e119ebedd27c84802f3b012b7a424ea9ed8e5f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/168678/

Comments