Extracted

• • Target

    f40f44f01175541ccf44f0c9064487b4.exe

  • Size

    366KB

  • MD5

    f40f44f01175541ccf44f0c9064487b4

  • SHA1

    6d80e10fe597301fbfcbad33822db6a5a018a4e9

  • SHA256

    3d099ea41ca7b6d89c4a5f50abc43e65310c0f306bd18ec4915e1acf193d2117

  • SHA512

    2dade5e729c35888ec9f921a515bdaba935e27090a3acfc137369414d9d3982fa33f87faea258405b91d134f47b04ecac010f7ca1fb61aeadda45d88a33de3ca

  • SSDEEP

    6144:dYa67n4jNXF3tNwqjaeGbBfO6t7epArnuuaCDXqwUjijv:dYebdNweGlO65trnuuVDXtbjv

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2