MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e59a9f5da7389d07f3649a20a9e10135b7ab42c2c9711e8990b32aa3aa79eac8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SHA256 hash: e59a9f5da7389d07f3649a20a9e10135b7ab42c2c9711e8990b32aa3aa79eac8
SHA3-384 hash: 445c67347a4fbb51dc8b5ed4133182fd7238c44712eb846279c7daf99943a772843880d7790f52ed7492377d97d04fef
SHA1 hash: b2e8a3ced8d1a4ef15432892ed2998920d4b7cd0
MD5 hash: 9d99b9aff2251ca3b2ab0658ab1ec0a6
humanhash: red-fruit-princess-hawaii
File name: PO-USD#04072018.exe
Signature: Loki
File size: 214'338 bytes
First seen: 2020-06-30 08:53:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7c2c71dfce9a27650634dc8b1ca03bf0
ssdeep: 3072:zPqRxga51PDBfcRFbCa4d+N1QHqnzibPOh6pptOnjB1JOW/q/qK/4Bdf:zPCganNeJV4omHqnzfQpp0nLoW/QN4Df
TLSH: EF24025B6BA0D8BBC2580A7115397ABBEFAD5E2401412F0B1FA13E173C7B1425E0F65E
Reporter: @jarumlus


Mail intelligence
Trap location: Global; Impact: Low
Trap location: NL (Netherlands); Impact: Low
# of uploads: 1
# of downloads: 30
Origin country: US
CAPE Sandbox Detection: Loki
ClamAV: PUA.Win.Downloader.Soft32downloader-6691270-0
CERT.PL MWDB Detection: n/a
ReversingLabs: Status: Malicious
Threat name: Win32.Trojan.Swotter
First seen: 2020-06-30 08:55:06 UTC
AV detection: 24 of 31 (77.42%)
Threat level: 2/5
Spamhaus Hash Blocklist: Malicious file
Hatching Triage Score: 10/10
Malware Family: lokibot
Tags: spyware trojan stealer family:lokibot
Config extraction:
VirusTotal: Virustotal results 24.66%

Yara Signatures

Rule name: Lokibot
Author: JPCERT/CC Incident Response Group
Description: detect Lokibot in memory
Reference: internal research

Rule name: win_lokipws_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

Rule name: with_sqlite
Author: Julian J. Gonzalez
Description: Rule to detect the presence of SQLite data in raw image

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe e59a9f5da7389d07f3649a20a9e10135b7ab42c2c9711e8990b32aa3aa79eac8 (this sample)

Delivery method: Distributed via e-mail attachment