MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83b924a12b9d879758a2cd4c73a095de0ba4016163f76c94404820e741534030. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loda

Vendor detections: 7

SHA256 hash: 83b924a12b9d879758a2cd4c73a095de0ba4016163f76c94404820e741534030
SHA3-384 hash: 704fd17f9a8be9a31c8152cf1551e478d09f8ec71ee0ac32bc614a0d0e7f2620280d25ebe84bfdac2b8dc28d2fe8e64d
SHA1 hash: ee41522f8b00b9e6167dbc3c72f257733026c031
MD5 hash: 67a86709aa93d2b2c19664853d360aaa
humanhash: bluebird-twenty-oklahoma-pasta
File name: 83b924a12b9d879758a2cd4c73a095de0ba4016163f76c94404820e741534030
Signature: Loda
File size: 1'189'877 bytes
First seen: 2020-09-15 13:34:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d3bf8a7746a8d1ee8f6e5960c3f69378 (247 x Formbook, 75 x AgentTesla, 64 x SnakeKeylogger)
ssdeep: 24576:0RmJkcoQricOIQxiZY1iaEDda94zx3AZnC9vG82FP:RJZoQrbTFZY1iasda93ZnCZPC
Threatray: 170 similar samples on MalwareBazaar
TLSH: C145E121F5C68036C2F333B19E7EF7669A3D69360326D29727C81D315EA05816B3A763
Reporter: madjack_red
Tags: Loda

Intelligence

File Origin
# of uploads: 1
# of downloads: 107
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a window
Creating a file in the %AppData% subdirectories
Using the Windows Management Instrumentation requests
Creating a file in the %temp% directory
Creating a process from a recently created file
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 80 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Machine Learning detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected WebBrowserPassView password recovery tool
Behaviour
Behavior Graph: ID 285727; sample 5Va3cijegB; start date 15/09/2020; architecture WINDOWS; score 80
Signatures on the submitted sample: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected WebBrowserPassView password recovery tool
Processes started from the sample: 5Va3cijegB.exe; VQFTMS.exe (three instances)
5Va3cijegB.exe: network 46.243.136.238, 4000, 49717 (ETOP-ASPL, Netherlands); dropped C:\Users\user\AppData\Roaming\...\VQFTMS.exe (PE32); dropped C:\Users\user\AppData\Local\Temp\Pl2.exe (PE32); started cmd.exe (two instances) and wscript.exe
VQFTMS.exe: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file
cmd.exe (each instance): started Pl2.exe and conhost.exe
Pl2.exe: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
Threat name: Win32.Trojan.Nymeria
Status: Malicious
First seen: 2020-09-15 13:36:11 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Adds Run key to start application
Drops startup file
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments