MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e849a38df88dfb8d4f44b1ce6c303a9262a98ae68c610baf1b1f9f2c89e438c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e849a38df88dfb8d4f44b1ce6c303a9262a98ae68c610baf1b1f9f2c89e438c4
SHA3-384 hash: 1361289c51be3d3d914897d3fc6df5c9b56c2225f30def1cf737a860b4e389e673e8c2d4a8a1e5faa7de85923eb64001
SHA1 hash: 2ba3af981fe7179018bc956d68a34eab90e8bced
MD5 hash: 3b000df644561426bd51084616589441
humanhash: mirror-magnesium-video-chicken
File name:PDF.exe
Download: download sample
Signature Loki
Create hunting rule
File size:122'880 bytes
First seen:2020-03-18 11:42:14 UTC
Last seen:2020-03-18 13:39:08 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 608ee0d6dab6eec60cb0fbeb328382cb (1 x Loki)
ssdeep 1536:/vsKIuJI+9+jQivYEbaDfNWGy+wzaJBAEtLbUJ8GlJgr:JxIS+jvTLaYSbK8Qgr
Threatray 2'197 similar samples on MalwareBazaar
TLSH C6C36D82FB50D937D119893EBC46E292091FBC6469C2D9473A987B2F78F40B2CE5D721
Reporter jarumlus
Tags:Loki Lokibot

Intelligence

File Origin
# of uploads :
2
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vebzenpak-7639837-0
Create hunting rule

Win.Trojan.Agensla-7639840-0
Create hunting rule

Win.Dropper.Gamarue-7639841-0
Create hunting rule

Win.Malware.Vebzenpak-7639843-0
Create hunting rule

Win.Malware.Vebzenpak-7639845-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Androm
Create hunting rule
Status:
Malicious
First seen:
2020-03-18 09:17:42 UTC
AV detection:
27 of 30 (90.00%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=5be2hdpyrx5y2t2ewhhgymb2sjrktcxgrrqqxly3d6pszcpehdca._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
189c0fda489ea4a4e4b75f9bbc27e871be591632ba219b86a63d8b1168dde1ef
Loki
277ad2e30607538075324d56c194f6256f2a37245f952038d709f237545bf0f1
Loki
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
Loki
58faef99e4fcfd4f1b48907d4dcc145c0aa1013e43d938abd7a164ff46104975
Loki
5a30aa9032bf9eb86209f176404481e70fa108b689330a2544ce0b54fa959ab4
Loki
66b739f45f7fe7f1df837a8ddbe8f2f48ba67af8c241273d00e0c890fcc9f312
Loki
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
Loki
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
Loki
bed06510d878aedc81671ebf83fb2dd246f88de58514124d166e0831b4d9c4d0
Loki
cc5bec641350dbb0a00bd08c0c6d7b8e1b7f4d486a1319a0c09a9f7e9c7f4a0c
Loki
+ 2'187 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e849a38df88dfb8d4f44b1ce6c303a9262a98ae68c610baf1b1f9f2c89e438c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments