MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a514741f5e99ded17c767b1159e98f86ae0b918fcff56f53d365e4744104f457. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Loki
Vendor detections: 9

SHA256 hash: a514741f5e99ded17c767b1159e98f86ae0b918fcff56f53d365e4744104f457
SHA3-384 hash: 7d1a5cd8a91b3bee7b8a02f23a3f72b6579130d117e0ccf2b1098fb6f264e9f0f7c7793697c212385156ec942475a278
SHA1 hash: e108d29a51a3d87c017d5cb229b8aff25d789b7d
MD5 hash: 2893a3f5a3b146426bb18f6c3ad4bcba
humanhash: batman-tango-rugby-saturn
File name: 2893a3f5a3b146426bb18f6c3ad4bcba.exe
Signature: Loki
File size: 435'200 bytes
First seen: 2021-03-31 18:27:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'742 x AgentTesla, 19'607 x Formbook, 12'242 x SnakeKeylogger)
ssdeep: 6144:iaekSmWMWFXNf4UnpxayfTYb2doEtjKVpBJxQo6nq14e8XDE5b3nOvpD421VNv:CffdfXpUZiDjCYnqv8IVXK4Gh
Threatray: 4'452 similar samples on MalwareBazaar
TLSH: 4794F121A3C8AF75E1BF67791460151063F2F115D722EB5DBDE881ED0BA6F8182E7B02
Reporter: abuse_ch
Tags: exe Loki

Intelligence

File Origin
# of uploads: 1
# of downloads: 101
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 2893a3f5a3b146426bb18f6c3ad4bcba.exe
Verdict: Suspicious activity
Analysis date: 2021-03-31 18:38:23 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Sending a UDP request

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Threat name: Win32.Trojan.AgentTesla
Status: Malicious
First seen: 2021-03-31 18:27:10 UTC
AV detection: 13 of 29 (44.83%)
Threat level: 5/5

Result
Malware family: xloader
Score: 10/10
Tags: family:xloader loader rat
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Xloader Payload
Xloader
Malware Config
C2 Extraction: http://www.okitmall.com/iu4d/
Unpacked files
SHA256 hash: d436034270fb2d5380e4fcecc1ee6c821a1701aed96045fa13f597da16be08fb
MD5 hash: 00cbf73d8b9f03417a3a32957ec64ed4
SHA1 hash: b862eff1cf240a5ad5325fd258892e534484a6e8
SHA256 hash: a514741f5e99ded17c767b1159e98f86ae0b918fcff56f53d365e4744104f457
MD5 hash: 2893a3f5a3b146426bb18f6c3ad4bcba
SHA1 hash: e108d29a51a3d87c017d5cb229b8aff25d789b7d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Loki
File: Executable exe a514741f5e99ded17c767b1159e98f86ae0b918fcff56f53d365e4744104f457 (this sample)

Delivery method: Distributed via web download

Comments