MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d0004a13a8a8d0938f05b10ffb88cf61e914a1e4ce9c602d5d41196d065c933d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d0004a13a8a8d0938f05b10ffb88cf61e914a1e4ce9c602d5d41196d065c933d
SHA3-384 hash: 2a4607535934198a780d33f2928eb3d0430f96925a3a5feff6e76e7bea8cc208257275866aec1fbac7afff77b8b7a95c
SHA1 hash: 367d901523d532e61c1fa93a2d873c682bde850f
MD5 hash: f134eba77d952256309668a3a6d2bf6d
humanhash: skylark-utah-oregon-nineteen
File name:Filname.exe
Download: download sample
File size:840'813 bytes
First seen:2021-11-12 17:05:08 UTC
Last seen:2021-11-13 12:31:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 890e522b31701e079a367b89393329e6 (25 x Formbook, 12 x AgentTesla, 8 x Loda)
ssdeep 12288:u6Wq4aaE6KwyF5L0Y2D1PqLyK/mp9mt41YDqGIaVAw8NK1wmRVw15L2nv3E1Rb6y:0thEVaPqLR+U4il6WwP1MvYR6eqbg79
Threatray 440 similar samples on MalwareBazaar
TLSH T13C0533D772AEF512E83D56F64787978341F082BBD3F55E37D468228B129812B38F1258
File icon (PE):PE icon
dhash icon 531b8c335295c864 (1 x Loda)
Reporter Racco42
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/205349/
Detection(s):
PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

Win.Packed.LokiBot-6963314-0
Create hunting rule

SecuriteInfo.com.PSW.Banker6.BTQY.1690.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lokibot overlay packed
Link:
https://www.filescan.io/uploads/618e9efea00afa9663a54624/reports/6f72762e-7bc4-4860-b717-6086b9a98b01/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/76db4789-b923-4ffc-8a6d-a48687e51f3d
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/888275
Signature
Antivirus / Scanner detection for submitted sample
Uses Windows timers to delay execution
Yara detected Embedded PE file in AUTOIT SCRIPT
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d0004a13a8a8d0938f05b10ffb88cf61e914a1e4ce9c602d5d41196d065c933d/
Threat name:
Win32.Backdoor.LodaRat
Create hunting rule
Status:
Malicious
First seen:
2021-11-12 17:06:06 UTC
AV detection:
24 of 28 (85.71%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3d96847f7962c01a7951f95acb29dff7999b7e8d54c946b3b1ccd035cbf2bcb1
5ef4f1d59492644372e4de91586798adb788432987848730694be8db0f968008
6ffadd114c7180e8dbbac5751036b4962884662dc5495b6f9988d9c48d26949c
7d4b1b72b1318cb933e0d6420813499581064f57a713b7e1ee8caa3753113ca0
8dcf1ddad7fe3c955ea0713dc7d72a97589490c47f12c163c2f5e19746cea11e
8f7950c2e180309a2666f594c83800ea4122770b25e3cd896b5d0a362a1647e4
a9431563de4e84d5d231fff8382087131368a29066f7711fdbfee0f70f37fe99
b24cb4cd3db305d5451cb3c0d0e60fe578b1fd38aca4be6032fb0ce2f0b786b4
c6b1bd6ce756a09bc3ce5b1b322abb8cc9700a640cc37cb8c32ebfc1eb433184
+ 430 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/211112-vmeqraahdk/
Behaviour
Enumerates physical storage devices
Unpacked files
SH256 hash:
b00e65f141bd037ee4e702f84f6079132a689f31970c29b4d1d67b6a1de4e0bc
MD5 hash:
76dfeeb731295ac4ddedb8d828e9b4d3
SHA1 hash:
2680e2011e29a3ff1f6bd70fc1e8c3a73b5564b9
Link:
https://www.unpac.me/results/7bb8fc73-6e26-4a87-9941-2ae9fc49c943/
SH256 hash:
d0004a13a8a8d0938f05b10ffb88cf61e914a1e4ce9c602d5d41196d065c933d
MD5 hash:
f134eba77d952256309668a3a6d2bf6d
SHA1 hash:
367d901523d532e61c1fa93a2d873c682bde850f
Link:
https://www.unpac.me/results/7bb8fc73-6e26-4a87-9941-2ae9fc49c943/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/205349/

Comments