Extracted

• • Target

    46A05.CO.exe

  • Size

    533KB

  • MD5

    5f7378a03aa70ca7f2da90fa87fd85e9

  • SHA1

    25eb0c72c4eaecc342317c35880adbbb3f5eba01

  • SHA256

    89f7f601216e8c0364524db378f16a0298616bd614c17088e9cc4070357e6931

  • SHA512

    7536eaeeb8b0a6aa0b0040d3e05d8c3be3fa6b779922e8f50994ea69c211563e923e108caf1cd305614d03b80bffbd41e0ebcc229c3caf35a8c23e777ce8dba2

  Score

  10^/10

  lokibotcollectionspywarestealersuricatatrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata

  • suricata: ET MALWARE LokiBot Checkin

    suricata: ET MALWARE LokiBot Checkin

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata

  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2