Extracted

• • Target

    9632628f4b25e22bf57a5fb1010daf4e.exe

  • Size

    236KB

  • MD5

    9632628f4b25e22bf57a5fb1010daf4e

  • SHA1

    339706d04fbc6c4a0e3cad9c8a12d7b88a8a0dcb

  • SHA256

    e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe

  • SHA512

    7411d58528caa6576a5f6433306d9d44c83e3bc8b2ac565a5b0db16d5097d3c8b7f574ce1247aa04f4b33ab97b611b7ce2e74866fb082c77c7c4e84b9752af66

  • SSDEEP

    6144:QBn1PO9HgFIUgwXVH/7/Gf5emejH+PgDSD9LV9Gj4WhwW:gPOhCXVf7/GJnPFDosW

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2