Extracted

• • Target

    69c0691c823d07064b85f2a73f032c1d_JaffaCakes118

  • Size

    774KB

  • MD5

    69c0691c823d07064b85f2a73f032c1d

  • SHA1

    f31c7a59e92cf197b9d7a404c5326f6513bbb7c0

  • SHA256

    56f8dffbbc7642a2e2296c03de67dc88be87b745d17ce2cea9fd7d28fb00eff3

  • SHA512

    4439f2e23e67dc6a37373922e7a8d426aae38deeb368a63d0bdc6e95a0d5670e13218ffd1291b2ec30f92a084219db998819742403349c63a687e6c8139a5702

  • SSDEEP

    6144:Z4g24ZKDkyDMN5UfzlXI1sGlamp+1Mus4c1T0hG7yy5i3qSbs9wLhY7:1244tDrblY1Rlamhu0oqy74uL+

  Score

  10^/10

  lokibotagilenetcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2