MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85786fed7ef1d47cf4708a365acbfdd7db7006242bbed19a281450cf29010d6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	85786fed7ef1d47cf4708a365acbfdd7db7006242bbed19a281450cf29010d6c
SHA3-384 hash:	57dcc772b9dad215b26b97804f951bbb59deca15262e5efc73a5f5e44e5ec07236156b8f364799f281b91b6e159b5804
SHA1 hash:	be781bbfbbf7be964a79d4403d8fc3d33b766461
MD5 hash:	b3884db2ee230ae40b182b282ecfffc1
humanhash:	hamper-march-grey-vegan
File name:	b3884db2ee230ae40b182b282ecfffc1.exe
Download:	download sample
Signature	Loki Create hunting rule
File size:	581'632 bytes
First seen:	2020-11-03 13:32:03 UTC
Last seen:	2020-11-03 16:04:35 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'205 x SnakeKeylogger)
ssdeep	12288:BJqIdB2+s3scKOq8ChM3+kkpUUzuFiskcTP8:jqN8NneupDzDsf
Threatray	8 similar samples on MalwareBazaar
TLSH	3EC46CF66246EB6AC80F047FF84B256193D9CF2E99FC804656C5B129137C6CE52AC4CB
Reporter	abuse_ch
Tags:	exe Loki

Intelligence

File Origin

# of uploads :

2

# of downloads :

81

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/82038/

Detection(s):

SecuriteInfo.com.BehavesLike.Win32.Generic.hc.7205.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Creating a window

Launching the default Windows debugger (dwwin.exe)

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/519170

Signature

.NET source code contains potential unpacker

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/85786fed7ef1d47cf4708a365acbfdd7db7006242bbed19a281450cf29010d6c/

Threat name:

ByteCode-MSIL.Trojan.AgentTesla

Status:

Malicious

First seen:

2020-11-03 02:22:16 UTC

AV detection:

21 of 29 (72.41%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=qv4g73l66hkhz5dqri3fvs7527nxabrefo7ndgricrim6kibbvwa._file

Verdict:

unknown

Similar samples:

2b289b1dc38fa9bbd5086bb53a41d36466f899df423df495ae8e7bfd9b06e846

4efd69650a6654537a07b5e0e329281da26ca7da81a8f8c1fbcfa535fec76c50

6014abff3f883feb405938f546265bc9d6fd5a0397778d10fbbcf7e7a04370af

6385450e64d6549f53387a964a6f3a303be10a45de4bd51de26d917eedb04ebc

6dcc42aad646c84eadd068ea14762f62a5d769a6e03b65a859edea2749902dce

a7e8c4d24e013f48bed29fb9a5f0d80c60be249862213e142c7feb47f07ac39e

b2a4c9e1fbafc010c19f17103ed3454b96fd23e047a6a03cb01ecdc9f026709e

bc9b84eb54f77520586d762c86fd649adbda2b6fc78590e25e134cebde038530

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/201103-he3ds77qk2/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

85786fed7ef1d47cf4708a365acbfdd7db7006242bbed19a281450cf29010d6c

MD5 hash:

b3884db2ee230ae40b182b282ecfffc1

SHA1 hash:

be781bbfbbf7be964a79d4403d8fc3d33b766461

Link:

https://www.unpac.me/results/ff6f6c86-0207-421a-9c3d-49422c8d3e83/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

AgentTesla

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/85786fed7ef1d47cf4708a365acbfdd7db7006242bbed19a281450cf29010d6c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 85786fed7ef1d47cf4708a365acbfdd7db7006242bbed19a281450cf29010d6c

(this sample)

Cape

Cape

https://www.capesandbox.com/analysis/82038/

URLhaus

https://urlhaus.abuse.ch/url/779096/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample