MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Loki


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0
SHA3-384 hash: c25815f36e92c4425ac5768232cbcf3762049663241ca56a94e7b28fd7ecba350064dd6f519a163897aa781c0e8084c1
SHA1 hash: ad0eaa7865664422964cea62b107b64d578f1725
MD5 hash: 980722f5196ad004a168d6a4a1c3d244
humanhash: east-papa-gee-carpet
File name:ID547-MSC-202041789(BL DRAFT).gz.exe
Download: download sample
Signature Loki
Create hunting rule
File size:217'088 bytes
First seen:2020-04-24 04:47:46 UTC
Last seen:2020-04-24 06:08:19 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 467b843b3a7f52c9591a01633eacee05 (1 x Loki, 1 x GuLoader)
ssdeep 1536:o/cOdHKipZnW4zPyd8YDj9S0s8SLcgrtl7gM8/Rb0FrBxmH0MUr:TgH/p6yYdvjSn/kH/Rql60Mq
Threatray 1'612 similar samples on MalwareBazaar
TLSH B1240842ACB49963C71446315FEAE7BEC35CBDC0D9D5CA4F2080771BAF33296266252E
Reporter cocaman
Tags:exe Loki

Intelligence

File Origin
# of uploads :
3
# of downloads :
97
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.VBGeneric-7685592-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-04-24 07:36:00 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7kif77nqb3eim6qahre6x6sd637znoeqyqft7yy3b7caxm2e33ia._file
Verdict:
malicious
Label(s):
lokipasswordstealer(pws)
Create hunting rule
guloader
Create hunting rule
Similar samples:
4b610516f134b6efb2100a2e298a70b573be1cd6c4d653af007b907f11ff065e
Loki
5a30aa9032bf9eb86209f176404481e70fa108b689330a2544ce0b54fa959ab4
Loki
6ba2ab2afade3c48fb86ce5290a0980f19e901117033cb723cfd48b3ab2c6888
Loki
8b791216101006bea031bc4ff657001f95cd58ed1db4429a242d79050f947d40
Loki
983a50787533f7fb48c7aeccfe0cc8ea3b16a76a39b22a1668ef800ed56556f6
Loki
ae6a500ab45e86279c34a92c49d12f73716f0a492075180cdad48a761bf38b49
Loki
b666f8a605a45edebf5a3980675d00b84343a9b3c7a6d00fb90c37f40b55ac57
Loki
cebf765590be725ca5f5589e51a0e81236f6e63dae47f1cdff6029429827c0be
Loki
eec46d65be09a86f25c891d462671a7a0b3140ee4a8a6ac0a9fa7e1c56a8cb40
Loki
f6acfb0076b3a4e817b12f1f4e91eb89dbeeee1bca29d591949b73dfb604ef68
Loki
+ 1'602 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

gz 8eed42767803e8764583060dd08efb11fdf8bec0bf01bef2ff19815f4eb6962c

Loki

Executable exe fa905ffdb00ec8867a003c49ebfa43f6ff96b890c40b3fe31b0fc40bb344ded0

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 8eed42767803e8764583060dd08efb11fdf8bec0bf01bef2ff19815f4eb6962c

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
VB_APILegacy Visual Basic API usedMSVBVM60.DLL::EVENT_SINK_AddRef

Comments