MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8682df8104337b21a5ec19279b4f7c51a199e53dbb77b5d5a73ea8eeda545ba0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8682df8104337b21a5ec19279b4f7c51a199e53dbb77b5d5a73ea8eeda545ba0
SHA3-384 hash: d3151465b607f473b479e29195d3107a137f9bf5ff8361dbf0c4dc9b02f80c481b0f24c628f52fbdbfdf9d3786c5c2d1
SHA1 hash: 5810390e4d200d52998cb3a3ce3732604bea21a6
MD5 hash: b1c299c24a59ca929e077c5e22d1d3f3
humanhash: earth-missouri-four-oxygen
File name:SWIFT_COPY.pdf.exe
Download: download sample
Signature Loki
Create hunting rule
File size:1'212'760 bytes
First seen:2020-04-30 07:32:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 743440a829dbcc7011d16ba493178a51 (1 x Loki)
ssdeep 6144:uiPdbousfAyBlqKM98KrfuIRsehtQZUtQZ5ppKGPtQi:uiVrs4yj1KlhtQZUtQZ5/KGPtQi
Threatray 2'187 similar samples on MalwareBazaar
TLSH 6745BFA4EFE63CA0D0095BBD810E0B91E678B0B65D718D6E439A48D70E75387A76331F
Reporter jarumlus
Tags:Loki

Code Signing Certificate

Organisation:Belgian DOT software
Issuer:Belgian DOT software
Algorithm:sha256WithRSAEncryption
Valid from:Mar 21 09:10:51 2019 GMT
Valid to:Mar 20 09:10:51 2022 GMT
Serial number: 01
Intelligence: 367 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:This certificate is on the Cert Central blocklist
Thumbprint Algorithm:SHA256
Thumbprint: 936B4829383AACA7FD672B72BB65E7B5EA542A97B7509EC410855CFA17A0BC7A
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Ursu-6904078-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2019-03-21 11:24:33 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
25 of 27 (92.59%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
1db568f6ff72a35878d8772fa11e25a64d2b38447580fba8bdbee9c1b946a621
Loki
3056e351e7f9636a77d54c0e149e510a5e357484d2fb0b4659cb7b590e9b75b5
Loki
53edc68ef8a890aac3c8f6fe8c72e1a8cf5057c600a3f85d12b99b59b05e47be
Loki
5e29b5586d17960eaf88a95098dae48bc58ac10cfdc5f9a086a49b30c5ea72ff
Loki
68e57f90365021feb3737c6b743a12ac1e4697cb0fba2a3414a961eeb7486d95
Loki
7200e0900aae53fbd40a961458d2fbdf60a715cf4880b9a6397ea007ccf20f17
Loki
79e7b5dfc3524c3d6952ad9db232baf92848e6572549d4cfd24f845ab298b114
Loki
9bcf29ef3bbb1003db97934e2412dfb77fc1d289797a9b4eab2af243bbc8987f
Loki
bc5abecfb3e5dc45ac5ad4b9273cd06e2b7d0ea834f67ca209d6999f5b054bef
Loki
fe36f8b161c6e9f38fba4be32eb2b67846c9c93de9f48028762f79e5ee2b6169
Loki
+ 2'177 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef
MSVBVM60.DLL::__vbaFileOpen
MSVBVM60.DLL::__vbaErrorOverflow

Comments