Extracted

• • Target

    tmp

  • Size

    435KB

  • MD5

    132c7d06837aef1a2a246866c3220918

  • SHA1

    e1ac0c3544e83bc1a3faad2c17357a9eb0e37f33

  • SHA256

    22797d4f15b39d839cbb87cd4e0c302cef10d6ac7abab71f06cb87e98efa4463

  • SHA512

    83b30a1b5d17ff227abdc4f14f31565c56cee0a95378ba3e9453931d21f514d993505429dc5309579feadf55952c4c3fba74a54fb04a1674fd3bc0e9ac4e1ad4

  Score

  10^/10

  lokibotcollectionspywarestealersuricatatrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata

  • suricata: ET MALWARE LokiBot Checkin

    suricata: ET MALWARE LokiBot Checkin

    suricata

  • suricata: ET MALWARE LokiBot Fake 404 Response

    suricata: ET MALWARE LokiBot Fake 404 Response

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata

  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2