MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Loki

Vendor detections: 4

SHA256 hash: f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc
SHA3-384 hash: d6f41beca70d095f16a0c8e378567507f3ac7105dd5167e2a8fa9120bb10921b138472eebd0a533cddec84149de70c44
SHA1 hash: 0ab33ba2f6b3a47a7d0bbf844527daed22022042
MD5 hash: afa3323a3f7f13fbe268ac475a2825e5
humanhash: charlie-nitrogen-island-monkey
File name: BRUGES.exe
Signature: Loki
File size: 90'112 bytes
First seen: 2020-05-12 08:35:52 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6f06a3f86ecfb1d34b069f22af366ee3 (1 x Loki)
ssdeep: 768:pkmxeYsPXDB4IzSYm/LY+nyuHWa0+MHeFfu8T1qzcaPFem/:LeRPXD7zSYuznyE0+28RqzBb
Threatray: 180 similar samples on MalwareBazaar
TLSH: F7933B0A79D4D173DA098AF02F35E7A8045AFCB119518C172AD87B1E2B7BE53F42631B
Reporter: abuse_ch
Tags: exe Loki


abuse_ch
Malspam distributing Loki:

HELO: cloud-1cf5e4.managed-vps.net
Sending IP: 72.249.68.76
From: BRUGES <info@icrypto-invest.com>
Subject: RE: Our Covid-19 Package
Attachment: BRUGES.rar (contains "BRUGES.exe")

Intelligence

File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Fareit
Status: Malicious
First seen: 2020-05-12 07:33:58 UTC
File Type: PE (Exe)
Extracted files: 6
AV detection: 25 of 31 (80.65%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Checks QEMU agent state file

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Parent: MD5 602e29ec291a451cd8b82d7dd2e3c1f2
  dropped: Loki, Executable exe, SHA256 f9df56ad385fec73bc6f3baf0d08e03f853f191ef975b2e467d3d6eb1ffa01fc (this sample)

Dropped by: MD5 602e29ec291a451cd8b82d7dd2e3c1f2
Delivery method: Distributed via e-mail attachment