Extracted

• • Target

    10f00b9571c2ca08223254712e04cb34_JaffaCakes118

  • Size

    224KB

  • MD5

    10f00b9571c2ca08223254712e04cb34

  • SHA1

    78776ff2a1031f021b4764069177d105b40998f2

  • SHA256

    6dce87b276d0486a8d39d71e4c4f5834ff0f9b39c9af76e70f58c3b8d3397ce8

  • SHA512

    f6a957f921a8ddcc3597c14161c3764f69f9f02429c6fcd9558bb10138258be29871135efcce86c6a38c68ccb3697cde7baa8402b3371eebcf17ecb12d3ea256

  • SSDEEP

    6144:KkK5q1uHSmmVvwiFUl2UnwmsdpxsW4SYmOZnPWeQCSJ:B8tHSmmlwi5ysdp+hSYmOZnPWeQCS

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2