MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfeb957fc25e4102bf74a28e214d8ad5488d85b552824e0cd1f3c856f3a62acc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: dfeb957fc25e4102bf74a28e214d8ad5488d85b552824e0cd1f3c856f3a62acc
SHA3-384 hash: 60ae0d3cdaddf6a078bcba25956c16debf5daf0c6b5de85c6c026880e5ed7009ec6cf9b47b11203b4c93e5ec43422173
SHA1 hash: d1442ae9504024f47515f0d6d0c0566d38a7e1e8
MD5 hash: 51da2c0bde17e09fea3cac00ac37a30f
humanhash: alabama-steak-island-avocado
File name: INVOICE 007_PACKING LIST.EXE
Signature: Loki
File size: 1'150'464 bytes
First seen: 2020-06-18 07:40:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 3d95adbf13bbe79dc24dccb401c12091
ssdeep: 24576:9tb20pkaCqT5TBWgNQ7ahxr/4/17ego6A:uVg5tQ7ahN/4/1c5
TLSH: 0435AE1363DE8364C3BE5173BA1577016EBB782906A1F4FB2FD4093CA9601215E1E6AF
Reporter: @cocaman
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: FR
Mail intelligence
Geo location: Global
Volume: Low
Vendor Threat Intelligence
Threat name: Win32.Trojan.Wacatac
Status: Malicious
First seen: 2020-06-18 08:20:33 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Result
Malware family: lokibot
Score: 10/10
Tags: trojan spyware stealer family:lokibot
Behaviour
Suspicious behavior: RenamesItself
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Reads user/profile data of web browsers
Lokibot
Malware Config
Extraction:
http://mecharnise.ir/ea2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

Executable exe dfeb957fc25e4102bf74a28e214d8ad5488d85b552824e0cd1f3c856f3a62acc (this sample)
