Extracted

• • Target

    9b5f04b58d83c067c57bd8fc882566c2d11e082e7fcfc80bb235d7ad1fb2753c

  • Size

    361KB

  • MD5

    e66d99ac51923a4464514e0efd451da8

  • SHA1

    315a824fa28e1a6cf758fa7a7addd2af19b44084

  • SHA256

    9b5f04b58d83c067c57bd8fc882566c2d11e082e7fcfc80bb235d7ad1fb2753c

  • SHA512

    e30dc4d3a0ba98b73f7e8e81c431a3393ec046a1e7e69003cf967d7ff3259f906006e3a02a43dbced3d684096517a60d2df929807f76d07f23086944a2c3fe2c

  • SSDEEP

    6144:bYa6M86ODE4GKwjSIs7mxFcTqXSNZC+WrW5WdPXIxqQdBCkbi67:bY6pGE4GZjS+xFcT5Pmibi67

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1