MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee4bbc371656858005f8d7f3315d21327f447f7aa521c2e9c2d46799841f3e02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee4bbc371656858005f8d7f3315d21327f447f7aa521c2e9c2d46799841f3e02
SHA3-384 hash: 323130bb1b66583100c74a25177492b86528a25e2097979349d779060c7bd63eaf351251b051bd0a009a4663825b838c
SHA1 hash: 37055a8e08d831c617ab4310e6bdceb02f8069d2
MD5 hash: a3be3b74d0ea7f1fb645a7806bff4260
humanhash: johnny-oranges-monkey-freddie
File name:Purchase order.exe
Download: download sample
Signature Loki
Create hunting rule
File size:36'864 bytes
First seen:2020-04-27 23:12:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e06b9161cfe3dce748e123c693650758 (1 x Loki)
ssdeep 384:epKyo0LJAEY4ONJgGZnk4KY9As+DLwkfHGg9zr5H4rUAJ:epKjX60k4KSA/wiWrz
Threatray 1'555 similar samples on MalwareBazaar
TLSH A7F22B63BDAC9033F10E46F90E779758484D3CB72A01A8477E9D7A2CDDB1642AA30B47
Reporter c_APT_ure
Tags:Loki

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Fareitvb-7534386-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-01-13 15:52:37 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
netwirerc
Create hunting rule
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
168cd5b5e4d1dfec48777cdc97b74c7b33dca67d176f9add9bb94fa89905db38
Loki
29f4955e8b756287e4a4b37872b8fef347c23749869d0a42e71512051fe6f0ac
Loki
337471a86433031e87027a6459fee04e490ddfc016d4d7eab062e0a1e09ca138
Loki
63a5b27aaccab499d4e56d6606d9495484685be3f63817f9e90a61330bcffe38
Loki
8bbc2e9322af7c28162adfaa66055af70695b2da16b822be4b8b4deb67da405c
Loki
c2a89ad45cb8155c18ddea788ecbc9ba9643ecd4e93e9711a736af4a52091632
Loki
c92140fa8005261ee9d5c20c08fe5fd74816dbabaa1404f61444991db497bac1
Loki
cffb28f48a39b040f06f0563eaaac0a99f06accf37cc5da95383805c17c583c3
Loki
e0a55cba6885e046f0eb064179877af39b10f3d8cc74b8c697ea7c8cda6ab739
Loki
f78f5eeea8bfec17ed985d71b265dd5be1bb90f781004a6a473e2e116abe144e
Loki
+ 1'545 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::__vbaSetSystemError
MSVBVM60.DLL::__vbaObjSetAddref
MSVBVM60.DLL::EVENT_SINK_AddRef

Comments