MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca
SHA3-384 hash: 43d192066e0c671f78fac993c5d86974f9d202bec6ff7a39ef0012a03a0951cd3a0d76677af831586317a003b72dd69d
SHA1 hash: df93d11c75f2da6c65a7bfcc2c9380e7802fe74b
MD5 hash: 19f61575738fdf8a799beba1fca4efa5
humanhash: apart-wyoming-batman-johnny
File name:Faktur Bangun Nusa Mandiri.pdf.exe
Download: download sample
Signature Loki
Create hunting rule
File size:77'824 bytes
First seen:2020-04-29 16:56:53 UTC
Last seen:2020-04-29 18:12:49 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a55f1cd2d3abd10665d8dd702cbed920 (1 x Loki)
ssdeep 768:Ap5oJwd7syzEReVMQG27PPtHamgf//UL6:li71zKPQGgtrY/N
Threatray 70 similar samples on MalwareBazaar
TLSH 78731956F0C4D0F2D659CEB71B25CF785239BD311984CE037245BB2E1E38E89B512BAA
Reporter abuse_ch
Tags:exe Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: ptmatsuo.co.id
Sending IP: 202.74.72.84
From: Unipower | Jakarta <edy_s@karana.co.id>
Subject: COVID19-PT.UNIPOWER PRATAMA- INVOICE 098/I/IV/20- PO.9100326941
Attachment: Faktur Bangun Nusa Mandiri.pdf.gz (contains "Faktur Bangun Nusa Mandiri.pdf.exe")

Loki C2:
http://theblueprint.vn/th/Panel/fre.php

Intelligence

File Origin
# of uploads :
2
# of downloads :
99
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.846817.9703.1879.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-04-29 03:12:05 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
21 of 31 (67.74%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r2zt2cyi6e34hkr7m3k27yayronwarmpsxwprixszi4bkbm6f7fa._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
182b2d026edb387534dda66711ee6f9050bc8ed871d0ebb71a96f0b18498ba24
Loki
487032be06deec0a6b50c6c0464edb67d50f9bb769ea1527969d4b67b83e8733
Loki
6591794758496511c22b638fc57b5d58943670a72568dfa92f29a08c501c73d6
Loki
99a048c63a4d6da2b9deff2adc8ade88bd4b999674a7fcaeb373fdf8f151ef65
Loki
9ed2069b9a3bddb9c39ab8cf5f0fa3bf79fc9c1f438ae4f7c532132aa214e178
Loki
af8343cc25fb243e378897bcf5c22ff94287610ae86538862feb362e2382b456
Loki
c689edeb2bea45f5a7e6402ba51dc23e40e6c8b509841f60cb3d7327340b9b60
Loki
e2a0cecb9bd8aead0154e241fa01f7876045513c426e20aaee46070a7375f50c
Loki
e7b11adb00aa3b9264a0f647ed236e547d635674418e1a45d282913244d07ae0
Loki
f17d48c8d179de191e519fa908648b977c09f91803b898d8e4fada52e423a8df
Loki
+ 60 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 3bf53d0ecca1d567d29f52d9682a615ef53221ff06abfa965c2a06e7c277277f

Loki

Executable exe 8eb33d0b08f137c3aa3f66d5afe0188b9b60458f95ecf8a2f2ca3815059e2fca

(this sample)

  
Dropped by
MD5 1de961a1f0ca847b9690372f0d432e4c
  
Delivery method
Distributed via e-mail attachment
  
Dropped by
SHA256 3bf53d0ecca1d567d29f52d9682a615ef53221ff06abfa965c2a06e7c277277f

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments