Extracted

• • Target

    7fcaedf4746c6cdafa0952b19f91cd76_JaffaCakes118

  • Size

    220KB

  • MD5

    7fcaedf4746c6cdafa0952b19f91cd76

  • SHA1

    d93b124f1d39ac442bc3e84a5808f9402f63307c

  • SHA256

    1599f071f87e26b764e7ff5900104986c92466bbca26105a4b1ab7247b63a659

  • SHA512

    147f989e5351f2b718faa9862ca5f64d1b5b6d7c47b464ae81fb783f4e68b9f092080a1fec763a30a0739aec845e79c6df71de1f262de59d037c727e9b0a102c

  • SSDEEP

    6144:ySQyaw5SeZ0zBNgTGNKEXcxb1mbAMfzRo1f8XOUrZBAbYtk:yby/5/Sz/gTGNKsSmbAMfVoaXJ3+5

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2