MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b1bb531b94fd992587eb042d3cf9d3cc5de717dc0c684c47b87e0913181330db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 5



SHA256 hash: b1bb531b94fd992587eb042d3cf9d3cc5de717dc0c684c47b87e0913181330db
SHA3-384 hash: 4b4ea9e270db00d710339c5944680404783fbed10a5b03c031fc53078745a7d5858992275a3db19f1149583ebf8ae5bc
SHA1 hash: 264ed3efe1acfbd322f9a6cc9a5dd02ad1015e9a
MD5 hash: bd5b675c1e15a6302196d6423528bdc8
humanhash: nebraska-november-california-eighteen
File name: cjjjjjjjjjjjjjjjjjjj.exe
Signature: Loki
File size: 530'432 bytes
First seen: 2020-05-01 10:37:25 UTC
Last seen: 2020-05-01 13:36:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep: 3072:QPSQYIVOzPBWwmdgzMTmBTDavjEESU2e0RtMrjfA5OEe:QPRYIEOdBmJmvAESB1RSrjXE
Threatray: 1'471 similar samples on MalwareBazaar
TLSH: 8EB4D0623BA5D811C54126794C19D679D211FE69ED30950B36D23F8F3BFA112CA13B3E
Reporter: jarumlus
Tags: Loki

Intelligence


File Origin
# of uploads: 3
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: ByteCode-MSIL.Trojan.Kramnik
Status: Malicious
First seen: 2020-05-01 01:07:23 UTC
File Type: PE (.Net Exe)
Extracted files: 16
AV detection: 26 of 30 (86.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Loki

Executable exe b1bb531b94fd992587eb042d3cf9d3cc5de717dc0c684c47b87e0913181330db

(this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
