Extracted

• • Target

    b2f5c7f17e78a48a2a0d31138e54995eb71e55410ef7207d570c344c258ef336.exe

  • Size

    1.6MB

  • MD5

    00c9e269db13568cc703bd4273787201

  • SHA1

    162915bdefde5a9a317d5d68eb92f0be67cdf356

  • SHA256

    b2f5c7f17e78a48a2a0d31138e54995eb71e55410ef7207d570c344c258ef336

  • SHA512

    ca7d97c01bb31b312584ca856909f365bd529e517f72ec398051fea5b641a892d6303d482ca58cd7fe2e6c9847bbc964939fb187a434200dc74c98500a0cdb97

  • SSDEEP

    12288:EmIbRtHUB7lceAvWDlwFnJCSVDKhEzkpgOim0TC+j2oHa5CiDWKGmGYqITrpmc:cy0Tv6osFqITrpH

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2