MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Loki


Vendor detections: 4



SHA256 hash: faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0
SHA3-384 hash: 16a1d10454a8a61384249a80406b06ae1649884e84b85e2f073415dd81fa778abbde726923c14daa38bb51b161a57532
SHA1 hash: acc89ddff96aa65c57465cdf0e425abc8e4c6152
MD5 hash: c5c0b0b5155a76c8037160aacca73866
humanhash: lima-triple-fix-muppet
File name: dhlg11057.exe
Signature: Loki
File size: 77'824 bytes
First seen: 2020-06-01 12:10:35 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 0e3edd469406cf0a41b1d001df9d5340 (1 x Loki, 1 x GuLoader)
ssdeep 768:I1oXuCv0eAR5m1agRiY6n3W7UtNtwWdFl2TEvfgyNBR9lN8rvtju:I1o+Mu5WRihQUlwW0TYFsly
Threatray 1'102 similar samples on MalwareBazaar
TLSH 5D731A2EBE588264F44549B11459D062BB2ABC3254069E0FB3007F9ABC76987FCF573B
Reporter: jarumlus
Tags: Loki

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Injector
Status: Malicious
First seen: 2020-06-01 12:35:49 UTC
AV detection: 32 of 48 (66.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Loki

Executable exe faac07736e1c735a2b4028b9a77bcf0897944e3ce16977c61b6af1b45592d6b0

(this sample)

  
Delivery method: Distributed via e-mail attachment
