MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 918e04b700056931e225d9c0a1c23679d1d99c918efe6bcd89bed983c8a2e35f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 8



SHA256 hash: 918e04b700056931e225d9c0a1c23679d1d99c918efe6bcd89bed983c8a2e35f
SHA3-384 hash: 428dae5b969b6de3aab365443e319f6700125eb5c60a305ed9091fb8298a7658003787f5a7a8ae3c43a3403fcbd8c6bf
SHA1 hash: 1489d533a6031408d2f895c8c162a39b454ab912
MD5 hash: 306f52bfb5df262d7991b1f8908752bd
humanhash: washington-west-stairway-robin
File name: 918e04b700056931e225d9c0a1c23679d1d99c918efe6bcd89bed983c8a2e35f
Signature: Loki
File size: 695'808 bytes
First seen: 2020-11-12 13:54:04 UTC
Last seen: 2024-07-24 19:03:43 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f46e4a036d5cecf321414d99526bc936 (4 x Loki)
ssdeep: 12288:wn3k4FC6AkMVmCrXUybOwaQrxt859zHryx1jUb5B7gfT:wndFHAnmCDUsO8xts9zLsmfC
Threatray: 1'942 similar samples on MalwareBazaar
TLSH: 96E48D12E6E04472D3161639CD0B5FA8AE26FD607958EF472EE56F0C7F34F406A252A3
Reporter: seifreed
Tags: Loki

Intelligence


File Origin
# of uploads: 2
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Unauthorized injection to a recently created process
Reading critical registry keys
Changing a file
Replacing files
DNS request
Creating a file in the %AppData% subdirectories
Deleting a recently created file
Stealing user critical data
Moving of the original file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Trojan.LokiBot
Status:
Malicious
First seen:
2020-11-12 13:55:05 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
5/5
Result
Malware family:
n/a
Score:
1/10
Tags:
n/a
Unpacked files
SHA256 hash:
918e04b700056931e225d9c0a1c23679d1d99c918efe6bcd89bed983c8a2e35f
MD5 hash:
306f52bfb5df262d7991b1f8908752bd
SHA1 hash:
1489d533a6031408d2f895c8c162a39b454ab912
SHA256 hash:
53bb0ef4dcd6cb927fd404361f2ca1655f2cb17117aa33e01173674a8d9c86a4
MD5 hash:
f392791a2056454f119087205e7f0f31
SHA1 hash:
6ee4f5c4e2890448df3ee188cb4126160d17be70
Detections:
win_lokipws_g0 win_lokipws_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other
