MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f8ff17b512710722ead6b14aa0f6978b88bf62efb4e61db7c9b589c6f5ba7b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8f8ff17b512710722ead6b14aa0f6978b88bf62efb4e61db7c9b589c6f5ba7b8
SHA3-384 hash: a241f4f6b0d20dd5434fdb2da26db9e2f373022794a2e0801138752ec1358d4768e3ec2a4e4c25261daa6a8e83880346
SHA1 hash: 0d81adf71c19f51a3a05531908564d63612dcb11
MD5 hash: 22c7f0d644de7f8799093658e0b6304b
humanhash: north-fix-two-arizona
File name:scan00456_pdf.exe
Download: download sample
Signature Loki
Create hunting rule
File size:106'496 bytes
First seen:2020-04-16 07:34:20 UTC
Last seen:2020-04-16 13:49:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ae70ad642fb5ddaec301279f43d58165 (1 x Loki)
ssdeep 768:U0toUNQVi4M5lPkfmuCoFd85oiT7mW+enwy9nySwTYqXua7pO9:GUN0M7Pkfmj5oifjDnITtul9
Threatray 315 similar samples on MalwareBazaar
TLSH 7FA32914B6E4FD16C1244A705EB9CBFC8525BC309E06790734C43F5F3AB6A91B162FAA
Reporter jarumlus
Tags:Loki

Intelligence

File Origin
# of uploads :
3
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.LokiBot-7670879-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-04-16 04:05:23 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=r6h7c62re4ihelvnnmkkud3jpc4ix5ro7nhgdw34tnmjy323u64a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0e29e2d1a0dcaf0555bab1cbe36992a89271f4cd16cdba3d3e1f4d79e9e54fc2
Loki
10481c8ab9d363251e4d1aab4805df6d245621a5f10302fe5ed8cdd9f20bdc14
Loki
1cd2e3b696656354859e0ffdb5bca866fadf42f59c9e2da1c228e0b52fa5f368
Loki
4b5e08d727e3e43db31db4f514737a9ac90088bb581df44beb9c0ca2c0d9bb07
Loki
65bd5f3bc433f60bfc5ea392aaa33539592d657cbe2d316b25b24c9e12c225cc
Loki
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
Loki
dda25996ab5b78fa63ab71aa304360374fe2eb6ded670c778b2c69d9fa1f1e40
Loki
ed155c2b8ff339c2f42748cf806d696e6138e00b04959acf1742eabb513d5850
Loki
ef8f03a25087eeab581d8439a0a19ba7148270d2210d479c1d6867fac69dc813
Loki
f2e2cb71a06ac2a95a02168fc3d91f160e6e07ca19c5e6d3d708a9a486dd3f92
Loki
+ 305 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments