Extracted

• • Target

    4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1

  • Size

    198KB

  • MD5

    3eab5d298c5423ff30cef60036c43472

  • SHA1

    4fd1130b9c5fd2d11e5aa8f2d600fed73b59e636

  • SHA256

    4508bb625c6944b5d749fc10d9abef3ecdbeef7a58c6607b07597311d8f48cb1

  • SHA512

    497895b549a67d7a10e6c59f71cc42fb11a026184e676cd9af7328a4e0165662ac6c923e37cc693a6a5f4326836e4f96aba5c81d68348eff4bf97e964ccdd43e

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2