Extracted

• • Target

    57525553f478e9944c206ceae332247dd9c45adab024d1e4a19b52cf124a01b3

  • Size

    256KB

  • MD5

    7826a79492c0378c3e69a18eadbeb67d

  • SHA1

    28b19fb0612ff0679f6c49a3113a4ca542904626

  • SHA256

    57525553f478e9944c206ceae332247dd9c45adab024d1e4a19b52cf124a01b3

  • SHA512

    fd2ebcae2f1aa1cae396c31dc0c7d2c0e3c15c942588a7c0483ebcfc0fdd8f644831339a95e294a253f05a35e272e9d60bec841f30fd910a954349a32a070c5a

  • SSDEEP

    6144:4weEWT44R2GZzuj7Fko78xZEg6Nfshbw4bxarkRaQ8lQQNlLfUx+:sXJbgrzGQN1fUM

  Score

  10^/10

  lokibotcollectionpersistencespywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2