Extracted

• • Target

    HBL#SFSLDTG004-22 LCL CONTAINER.xlsx

  • Size

    100KB

  • MD5

    4a58e87883bdb81773a0ba002bf1e255

  • SHA1

    a1832b0b19d0fe264d1f3809551388dd6e881388

  • SHA256

    d4572ecacc6c6f619b0b457438d91251345f6070e031ad5aca2ea910756f03b1

  • SHA512

    3cb4f33e4a884ecfe791289401d6e0d4bef5ee80331ad59fc00623ade1a96fd61cbd2d59a5ad92c4a00699a671c46b6880cfb4c8b3c7bfa2ca2a6a97bba8b913

  • SSDEEP

    1536:6jJPcbzCXXta/cRGGuDaCdE4M0qh5LcP9jg7Eb52Pg8IGnXvNS4GvTttuFybpD9U:6jJkbUtDKvKh/PLcFkJp/iGFPX

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2