Extracted

• • Target

    54ff66195ece9c1508de2c1c109a194b_JaffaCakes118

  • Size

    345KB

  • MD5

    54ff66195ece9c1508de2c1c109a194b

  • SHA1

    0deaf8baa74951daa4115c3abafbe220f091418f

  • SHA256

    abfdb8ec52a42b83d076b3263305a947210cbd6466ed8c95996fb0c66fd12416

  • SHA512

    6889479d060c802d2dbb1eb575d0a2c6c7b2666029daff531c31a553c6cf16fc76171be90ef39ca0165ecd55a1e63c8c19aeed533d221707e914452313421db2

  • SSDEEP

    6144:Dfk6ZOyT3cxomesU25oVbET7L+eWMVZGD/0DMGHaENnK9GwrxL8dF2L/f8:7anU25oZS+0VZGhGHaP4wlR7f8

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2