Extracted

• • Target

    3e67075e2feae17f7b15640bafd93d8f129d288665065c46351341e50febfda7

  • Size

    574KB

  • MD5

    a9952b4391aaf6a1e11c325f1410cc79

  • SHA1

    0a83f8fc195c65e249a079c98e004b4898cc83e0

  • SHA256

    3e67075e2feae17f7b15640bafd93d8f129d288665065c46351341e50febfda7

  • SHA512

    c57989a0d5d615ab6cc4834df586afbc1f6a6ede8ad4229fe6654ce2a2154fea2e6941df12e4d67767a9c72556002f0e4e84739c3bd91130d90356cefc21c81a

  Score

  10^/10

  lokibotbootkitcollectionpersistencespywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2