Extracted

• • Target

    9a784ecdb9c3f17cb0ce22bbfa5ff8cc.exe

  • Size

    368KB

  • MD5

    9a784ecdb9c3f17cb0ce22bbfa5ff8cc

  • SHA1

    9bf266d003de99d2bb2ee338e30cf5e72f57cf3f

  • SHA256

    07d6addb52e531a21877d4a71131fd16f3117a0576c0aa3849c442bc6f0a6428

  • SHA512

    2b9ab641a7a55220505ce440d4beb923b15ce91e30ed1442ea115d1a4c202e5e8e6b72f82d987283e184d0cf663586f77e5e9aec5a1dfcf82d981cb9d5a31911

  • SSDEEP

    6144:xYa6gGOll8k3moVAtqdeEEP8vIeOZE7yIGDS9d+uiN7V+8GSfim:xYV+3mnuePkQe37vedN7VTGsim

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2