Extracted

• • Target

    767fad8469801daac50f5365709e0149_JaffaCakes118

  • Size

    532KB

  • MD5

    767fad8469801daac50f5365709e0149

  • SHA1

    61644800d1d9e46a2cd0e628bed9fd68f62428e0

  • SHA256

    744efffd117bb492d7707a2d16ae3e16dc65ea52b475c4b1f8d993f66f89f08c

  • SHA512

    554bd5dcd661e60a07a60deb116032eaa1b041ca1ba00b27bb9136b986cac8e7c80d456f75b789458f98bccb671a521b636901e192ca561bfaefa4eccf24ff18

  • SSDEEP

    6144:lEBrHvFzum8tLMmbRLHMTg2N6lpiKYeWPo+X84xLy57:lEjItLMMJMqlpHp4

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2