Extracted

• • Target

    e52cba3efb32143826a40fc7e669b6cec50af0072d759ca6da897118d1366d27

  • Size

    1.7MB

  • MD5

    b44301c16d3728d0c0c4e8eb3906f9ba

  • SHA1

    3124500116864fafb30f277d9f1c8d44c8149cfa

  • SHA256

    e52cba3efb32143826a40fc7e669b6cec50af0072d759ca6da897118d1366d27

  • SHA512

    c243dbad435bc3a5be17aab52dd5dc7fafefe4969b81be8d1ca8501ec934657619c389a5498561301d434f3fa131c6b5c1c5d7418b4a6f79b6175041c2e1b004

  Score

  10^/10

  lokibotbootkitcollectionpersistencespywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2