MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf6d2e90c5fd6b327f1e513402eb01491ac8487b682243450ad684de5e6e62d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 5



SHA256 hash: bf6d2e90c5fd6b327f1e513402eb01491ac8487b682243450ad684de5e6e62d4
SHA3-384 hash: dae79592744f1b7a1416cbd17bb00e754b62b81ecbe7e0b6c199e7d4f582fe76a07059547bcdb291ebd956451691e0ad
SHA1 hash: 34eefb4e61c0e6234f484020431e635796a0a3ab
MD5 hash: 5c3c672773cb4d22c5a500aaa0af0032
humanhash: august-orange-pasta-ack
File name: payment.exe
Signature: Loki
File size: 77'824 bytes
First seen: 2020-03-19 06:22:45 UTC
Last seen: 2020-03-19 07:42:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 75c1e2ac527c0166413f66e0588f01fa (1 x Loki)
ssdeep: 1536:2W61eJ4BIeWJSkW8uTZs4z5NP9NBtmiY:TueeBIvMkWvTG4tl1tnY
Threatray: 1'447 similar samples on MalwareBazaar
TLSH: 5E736C03F740E46BC458CB3E6CAAD79112537C556996C68BB2D47F2FA8F00A19F1EB18
Reporter: cocaman
Tags: exe Loki

Intelligence


File Origin
# of uploads: 2
# of downloads: 83
Origin country: n/a
Vendor Threat Intelligence
Gathering data
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-03-19 01:54:34 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 24 of 30 (80.00%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

Executable exe bf6d2e90c5fd6b327f1e513402eb01491ac8487b682243450ad684de5e6e62d4

(this sample)

  
Delivery method: Other

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high
Reviews
ID      Capabilities                  Evidence
VB_API  Legacy Visual Basic API used  MSVBVM60.DLL::EVENT_SINK_AddRef

Comments