MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc
SHA3-384 hash: d6f41beca70d095f16a0c8e378567507f3ac7105dd5167e2a8fa9120bb10921b138472eebd0a533cddec84149de70c44
SHA1 hash: 0ab33ba2f6b3a47a7d0bbf844527daed22022042
MD5 hash: afa3323a3f7f13fbe268ac475a2825e5
humanhash: charlie-nitrogen-island-monkey
File name:BRUGES.exe
Download: download sample
Signature Loki
Create hunting rule
File size:90'112 bytes
First seen:2020-05-12 08:35:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6f06a3f86ecfb1d34b069f22af366ee3 (1 x Loki)
ssdeep 768:pkmxeYsPXDB4IzSYm/LY+nyuHWa0+MHeFfu8T1qzcaPFem/:LeRPXD7zSYuznyE0+28RqzBb
Threatray 180 similar samples on MalwareBazaar
TLSH F7933B0A79D4D173DA098AF02F35E7A8045AFCB119518C172AD87B1E2B7BE53F42631B
Reporter abuse_ch
Tags:exe Loki


Avatar
abuse_ch
Malspam distributing Loki:

HELO: cloud-1cf5e4.managed-vps.net
Sending IP: 72.249.68.76
From: BRUGES <info@icrypto-invest.com>
Subject: RE: Our Covid-19 Package
Attachment: BRUGES.rar (contains "BRUGES.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Fareit-FTAAFA3323A3F7F.13152.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 07:33:58 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
25 of 31 (80.65%)
Threat level:
  2/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7hpvnljyl7whhpdphoxq2chah6ct6gi67f23fzdh2plowh72ah6a._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
47bd044b43d50313e7cb86aa0ab8e63cbbb1673ea0813657fa4fcac76947caaf
Loki
7cc0c6e489cb1b2d1dae70339b9409f9a54fa7d8920430490663b6f28ea4a7b4
Loki
81a658971e7a9f45c2237755d6e1d231f320d1fadf7356927ff782ae2ff22dea
Loki
8b361138d1a485395c9659ea7b607b22b9947abb8fdf8383383103412d9cd4d3
Loki
93be0ad3d1ed15ca1f261a5a21ed71098bc299727ba8e17255612d429dbd9f8a
Loki
9802e8e7e84d1f454d72be9f937a7ad59230de4819f94535c7219bc347c587e2
Loki
b022be4adc35569368e23da7b344c4f9a4ce9efffaf1013d1fc778cb2b58f67f
Loki
c22798f361a044104ff74ee848901f492c204cc185bcd865598677ddd62021b2
Loki
e43b2e9112cfdb0636686ec8994eaf717d159d10daefda23f11588a424468e90
Loki
e44cb40eff38efdf851b40d465ffd44552597c19efa887c90e524fd2b3bca086
Loki
+ 170 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-x25y28shhs/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

602e29ec291a451cd8b82d7dd2e3c1f2

Loki

Executable exe f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc

(this sample)

  
Dropped by
MD5 602e29ec291a451cd8b82d7dd2e3c1f2
  
Delivery method
Distributed via e-mail attachment

Comments