Extracted

• • Target

    39785a54266c4913b1c742438a591dd0_JaffaCakes118

  • Size

    276KB

  • MD5

    39785a54266c4913b1c742438a591dd0

  • SHA1

    f9420bc46643a0257bc64b05bb584db01a0d2eb2

  • SHA256

    f2a8196758ba541344e90a320f4c01d93e83aae305d6dfde5d96f6444cf30a5f

  • SHA512

    4f4b75134ad2a2d97447dda49440b81ebe72870901066fa5319f7144102b781efd2e339d6ef516a45a5761f7e51a9f13b0befd8a31cf07c6b15939e2d689e7cb

  • SSDEEP

    6144:3E0yyMaPnpTFg3c4LR5BodhWWYR6gn6CyFlo5s+CG9FsEpkKBFaPwdg:3E8pvpTFOXN5wWpUrmC4DR3ao

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2