MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9ab847e59a12e75b3e2851298a8f0aa0d79b5865cf03956b65828631dfd3f974. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Intelligence File information Yara 4 Comments

SHA256 hash: 9ab847e59a12e75b3e2851298a8f0aa0d79b5865cf03956b65828631dfd3f974
SHA1 hash: 69f04a882ef1317757362792c52de5d02f321440
MD5 hash: 414a1c0b1a1cbc5e902b619f2b6906c3
File name:414a1c0b1a1cbc5e902b619f2b6906c3.exe
Download: download sample
Signature Loki
File size:1'147'904 bytes
First seen:2020-05-22 13:53:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3d95adbf13bbe79dc24dccb401c12091
ssdeep 24576:Ptb20pkaCqT5TBWgNQ7axvpUi8/0jUD+fH98p6A:MVg5tQ7axvpv4IUyfy5
TLSH 7D35CF1373DE8361C3B25273BA657741BEBF782506A1F96B2FD4093DE820122525EA73
Reporter @abuse_ch
Tags:exe Loki

Loki C2:


Mail intelligence No data
# of uploads 1
# of downloads 29
Origin country US US
ClamAV Sanesecurity.Malware.27686.AidExe.UNOFFICIAL
VirusTotal:Virustotal results 56.94%
ReversingLabs :No data

Yara Signatures

Rule name:Lokibot
Author:JPCERT/CC Incident Response Group
Description:detect Lokibot in memory
Reference:internal research
Rule name:win_lokipws_auto
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_lokipws_g0
Author:Slavo Greminger, SWITCH-CERT
Rule name:with_sqlite
Author:Julian J. Gonzalez <>
Description:Rule to detect the presence of SQLite data in raw image

File information

The table below shows additional information about this malware sample such as delivery method and external references.