MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c1a45cd2c5e8c4d43b277e82ec6edde636ffaed099775901414800f1da0cef5b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 7



SHA256 hash: c1a45cd2c5e8c4d43b277e82ec6edde636ffaed099775901414800f1da0cef5b
SHA3-384 hash: a49f06e0d73e8f35a88b8473bdcf29ebf96b1651d36e8dde6a2c086050cbbdf938a78b91d51e71e5c28ad918501b7aee
SHA1 hash: c1a4719d8bba73439b80d2d5a380cda574854763
MD5 hash: 6c618296f7938fe25881afe2057e64db
humanhash: summer-happy-alabama-nevada
File name: c1a45cd2c5e8c4d43b277e82ec6edde636ffaed099775901414800f1da0cef5b
Signature: Loki
File size: 695'808 bytes
First seen: 2020-11-11 11:08:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash f46e4a036d5cecf321414d99526bc936 (4 x Loki)
ssdeep 12288:iiAVu3HHj6kkM/y6T6ax0fpMAmSLY859zHryx1jUb5B7gfT:TMu3Hjply6uaxWp9LYs9zLsmfC
Threatray 1'921 similar samples on MalwareBazaar
TLSH CCE47D22E6E04472D3161638CD0B5FA86E26FD607958EF472EE56F4C7F34F406A252A3
Reporter seifreed
Tags: Loki

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Unauthorized injection to a recently created process
Reading critical registry keys
Changing a file
Replacing files
DNS request
Creating a file in the %AppData% subdirectories
Deleting a recently created file
Stealing user critical data
Moving of the original file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.LokiBot
Status: Malicious
First seen: 2020-11-11 11:10:24 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: c1a45cd2c5e8c4d43b277e82ec6edde636ffaed099775901414800f1da0cef5b
MD5 hash: 6c618296f7938fe25881afe2057e64db
SHA1 hash: c1a4719d8bba73439b80d2d5a380cda574854763

SHA256 hash: 53bb0ef4dcd6cb927fd404361f2ca1655f2cb17117aa33e01173674a8d9c86a4
MD5 hash: f392791a2056454f119087205e7f0f31
SHA1 hash: 6ee4f5c4e2890448df3ee188cb4126160d17be70
Detections: win_lokipws_g0 win_lokipws_auto
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments