Extracted

• • Target

    b1e251aae227fb02659cfa8555e2794c

  • Size

    797KB

  • MD5

    b1e251aae227fb02659cfa8555e2794c

  • SHA1

    b4576d78ac5821cb5feccbe93b7fef88bc0e0997

  • SHA256

    357d3ec91867d7a5a1a0effeba56f9e4d07c7c8b98cdf84294eeabd9f80dd516

  • SHA512

    2c7065931d47a3358fc577bc74ef251a80677109fa4176e08d7f52c3fecf85f11e68fa79d51461872ba12c36d569213108abe6797fe397287977a71c36e68afe

  Score

  10^/10

  lokibotcollectionspywarestealersuricatatrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    suricata

  • suricata: ET MALWARE LokiBot Checkin

    suricata: ET MALWARE LokiBot Checkin

    suricata

  • suricata: ET MALWARE LokiBot Fake 404 Response

    suricata: ET MALWARE LokiBot Fake 404 Response

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

    suricata

  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

    suricata

  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    suricata

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2