Extracted

• • Target

    Purchase_items_List.exe

  • Size

    596KB

  • MD5

    b3e40421c6609be05bc116697126146d

  • SHA1

    319e92693d1ef6ea296a945577269625d10ce682

  • SHA256

    cd4247426c4fbd531a62dedb1c599360312f3d48ab0800699f8a54ee4fb88c17

  • SHA512

    b4d7c390c361fe34412dde90d568572884bd7107706925fe32ace39b5c8cb15e8d0ea0d5da407a59ad16d2583c573fc8c199ce820fe5173f966d03ca0cea43cd

  Score

  10^/10

  lokibotbootkitcollectionpersistencespywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2