Extracted

• • Target

    6cbd76ecbb8d04b263e10fd679acae33201e9d468b0dbcfce80b343efaae20eb.exe

  • Size

    217KB

  • MD5

    2cdb13d0611023b8496cb5ba9a5f59db

  • SHA1

    2a20f9f6dc9a9be0553a2614538e5fada5dfbd54

  • SHA256

    6cbd76ecbb8d04b263e10fd679acae33201e9d468b0dbcfce80b343efaae20eb

  • SHA512

    5a50076c0f1ab10bf38377460a80094f6e0d4ab846992a342d48de37daac66355bc5f3e22b81d2825744720716c4105ca29d5fb30157f40bbcf58af7985c5f28

  • SSDEEP

    6144:vYa6Hg5j1ktqoHgDxmGIo5CoE8Js1LcdYUg:vYV2k3ADx3L5JNs1IdYUg

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2