Extracted

• • Target

    6b945a99c5993282d91b91b477b5ab39.bin

  • Size

    121KB

  • MD5

    6b945a99c5993282d91b91b477b5ab39

  • SHA1

    898547225f4524db5fede19542c869adb17402e0

  • SHA256

    707e4c2b113d64b50bfcd585f3236d8beed036fa641cdc6f26ff86e03918db61

  • SHA512

    3587f2a46f3e117cfc73118d577e064bf1cd18441ecddc064a005faf4906a2f428babd0403f15d5693f50292ee54648ee21daa5ea5e234e62bf2152e2a284773

  • SSDEEP

    768:qwAbZSibMX9gRWjtwAbZSibMX9gRWjlbAj+I9CVmKt95BZ10T9t5d1IBU94cbQ4H:qwAlRkwAlRY3mg0T9t5d1yU9VbQ18v

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2