MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 818a7b0f2761340c423a9feabe5aae7fbf96129316ae4b0a11357cbaed344bbf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 818a7b0f2761340c423a9feabe5aae7fbf96129316ae4b0a11357cbaed344bbf
SHA3-384 hash: 4a90def3e7412a4872013389284f6b7968e2d0cc025f25aade84250877f47748d462d904063cfda81d5cfcf2ad271843
SHA1 hash: ccb925f7ff426a2cb090f76a86f578cc68a80bb8
MD5 hash: 69616e472ec62efbdecd101e43e0a314
humanhash: alabama-east-fruit-south
File name:PEMBAYARAN COPY TT_PDF.exe
Download: download sample
Signature Loki
Create hunting rule
File size:225'280 bytes
First seen:2020-04-21 06:56:38 UTC
Last seen:2020-04-21 08:24:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 51836a24cb0006a24561fc0539fca871 (1 x Loki)
ssdeep 1536:ytO8tPQeJsEp6a8Tsi6S+vi8QqBYz0YoLManDBW0q0QSHNcCLKjMkviF/1nv9XC/:T8PQThTSSg5QqODano02Stcmkq/VtfE
Threatray 294 similar samples on MalwareBazaar
TLSH 2224F7426D78A467C70946701EE6D7B9C20C3EE0E9E4CA4F2050372AEF3378655A662F
Reporter jarumlus
Tags:Loki

Intelligence

File Origin
# of uploads :
2
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Generic-7678438-0
Create hunting rule

Win.Dropper.LokiBot-7678829-0
Create hunting rule

Win.Dropper.LokiBot-7678947-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Malrep
Create hunting rule
Status:
Malicious
First seen:
2020-04-21 01:28:25 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=qgfhwdzhme2ayqr2t7vl4wvop67zmeutc2xewcqrgv6lv3jujo7q._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
350b35550e10e3ed50b1337e8899ab2eb9c9cbae7c077027f52bab3c5266bb84
Loki
504cd8dcf16b6e6b55271ef9bcd8603916ec5f81fdeb0615e3c970954d50a7f0
Loki
5f845094f591cc548f669c31a1cbd8466bfe37bdd890d12e535afd73242d58a7
Loki
67aa5b86db90b286266d57324824825453a9db72b15414ee064dbf01085d00b4
Loki
814cf0cf90c5b99f4bf827ca64e5c7c55d73e036b9e8646f0d6031444a90fe63
Loki
9b77dffb83a26f126a334f4dd9de9c8a21802a1b05de3067584ebfa25826f9fa
Loki
bb2faadcbc0d7c66a84bb763e34cc811194f21a2222541a62fd1c0d9d3ce6c42
Loki
c882cc422e4039600b31e53e369f05b29dc9dd38cab76facef8a42adc8d326b3
Loki
ddf6f04276c1d976e62e199e6c928fb7a3d7aaec455a1859f8d8f605c89ffc64
Loki
e0c1fb97e28bc9944bc045ee772dd8da34a985a9e410764734eacdb35429cd1b
Loki
+ 284 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments