Extracted

• • Target

    f854aea8d5341b58d22eaba1475f554aaf2c904873858bd7b7be997f9bf6ab17

  • Size

    532KB

  • MD5

    abee5a40587b8f1a8f1ca4ceafa8c8b8

  • SHA1

    e422056f9bb9a8333f4bab3c3222753973f894f8

  • SHA256

    f854aea8d5341b58d22eaba1475f554aaf2c904873858bd7b7be997f9bf6ab17

  • SHA512

    14d3e09ce60a1dfd5b6df05a182833c92732b7ec670b29621ac44c81f8c9e239555be0c0fa6d7305cff9bdb4c4c80fdd6d34a45c60272dbca5d968ed88a605e3

  Score

  10^/10

  lokibotcollectionspywarestealersuricatatrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata

  • suricata: ET MALWARE LokiBot Checkin

    suricata: ET MALWARE LokiBot Checkin

    suricata

  • suricata: ET MALWARE LokiBot Fake 404 Response

    suricata: ET MALWARE LokiBot Fake 404 Response

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata

  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1