MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783
SHA3-384 hash: d6db53d17af7320c2a7bbe12aea3abdcacfd5bd2e8d2a80f321618ce0dc24f9345fce673e43f3e251ce171f02587e0be
SHA1 hash: 6a9764cdf249443a8907253840a98fa0e5006714
MD5 hash: 8e8cfee980666c34664d527485ef693e
humanhash: cat-michigan-jupiter-west
File name: MT103 Swift Bank Transfer.exe
Signature: Loki
File size: 102'400 bytes
First seen: 2020-04-06 05:05:06 UTC
Last seen: 2020-04-06 17:16:02 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8174bd4f6812c8914c564067e795a72e (1 x Loki)
ssdeep: 768:Y5/dS/71qyh0rzO3cUcPFYqWCxL0ehWsZqRAQIrszIZ:GdM7syH3cRtYqWCxYfsMRAQIIUZ
Threatray: 862 similar samples on MalwareBazaar
TLSH: E8A30662BE64FE12C8046AB18E7AC7E84025BC30AC416E07BAC43F6E3D711D5B592F57
Reporter: cocaman
Tags: exe Loki

Intelligence


File Origin
# of uploads: 3
# of downloads: 84
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-04-06 03:46:01 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

Executable exe c18c647694bc85d12a66e7c15abdc5c116ba95872c9fcfac1bfc29c6927c9783

(this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high

Reviews
ID | Capabilities | Evidence
VB_API | Legacy Visual Basic API used | MSVBVM60.DLL::__vbaObjSetAddref, MSVBVM60.DLL::EVENT_SINK_AddRef, MSVBVM60.DLL::__vbaLateMemCallLd, MSVBVM60.DLL::__vbaErrorOverflow
