Extracted

• • Target

    cf39830b73897e3588e5b592ec2ff732.exe

  • Size

    134KB

  • MD5

    cf39830b73897e3588e5b592ec2ff732

  • SHA1

    bce1d08085a637a8347f878261d62218841ad573

  • SHA256

    ecb00bb8fd9f9fb3de654096a3590e73ac39793e1c8dd3e30d8e859b91c257d8

  • SHA512

    ecf7c180f993287a442b0123472af9916dc3eceadf3a78ced43f40165dbafcf5b2af33742d7968cb852c5924d68001d755abca5868d0bbb9c70548825cbec8b8

  • SSDEEP

    3072:WfJSq+ytGIon9KcSMg3tK+fkoBysc4pCFNu7stsmSM55LPVhPQ6e3Gn5h6sZFJ:MEa0NWtDs+ckCFNud8ZFz9msh

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2