Extracted

• • Target

    454d33cc9f8b60dbeb25387225150de7a87a0dcb6fed30d3be63f51c23dd9b51

  • Size

    700KB

  • MD5

    d84e744f2f2c4e652875dc37f916c740

  • SHA1

    aaab8483730ce851955193835af5d9aa3294ce45

  • SHA256

    454d33cc9f8b60dbeb25387225150de7a87a0dcb6fed30d3be63f51c23dd9b51

  • SHA512

    ab5f7b7fd7e0c1f01026cc2e256ec3e96f2df5b3710a8c2a3c20d5bd52f7a2b3576aebcd7d538c9ed62055d627dc5dad3000c9f0133894749de3e6d0b6edb253

  Score

  10^/10

  upxlokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2