Extracted

• • Target

    -Invoice.exe

  • Size

    274KB

  • MD5

    58140a0133fb3e9fdea86ce4f486a525

  • SHA1

    cc8d7dcbcac7d663208a0c55c6cb1b3721697b9b

  • SHA256

    db4039e00a0a08bf2da23a2eb516c83da306ff3f25d266a49fcead9779b1fbcd

  • SHA512

    b77b5308000570f290d5389b35af6e060cad0bc9cf4048c877c4ad92c5b0a83b9870a6519eced52e2682094ee9568c3829043019b5827fe57ae12751e4b0041c

  • SSDEEP

    6144:vYa6PH+xUOZ/MgTVynP9qYYhQBGX5oS+T5JpiY1pYxQ:vY1HAUQwnP9qNJYT5JpYy

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2