Extracted

• • Target

    192082743e48b6d1a9ab6041ee7d666d_JaffaCakes118

  • Size

    452KB

  • MD5

    192082743e48b6d1a9ab6041ee7d666d

  • SHA1

    e5e2365e03aadd05d31b1d2f5a3b65bf7e012ff9

  • SHA256

    69ba0f9d9e95b11ae7b24c11e1ad0324052213c795edb08408fe8bfdf93eeffa

  • SHA512

    972847060ee91cbcdfe8575ab441e8f45f71c4e8cd712e129216637cd477a0faf33a994a576a0d52ade88f00d465bdfb3289112f09eedd4a2d89a5861b75e756

  • SSDEEP

    6144:DECDbK9rvuI896b/7Ok8sYfyMXDLb+UqCcB49EUnq7HQYfPgGKF0KhvO1mDNMFUr:DEWC89gYfleHtEOgDNMFUph

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2