Extracted

• • Target

    8b3aca2dfeaeb8f1d1e577de9ef211b7_JaffaCakes118

  • Size

    374KB

  • MD5

    8b3aca2dfeaeb8f1d1e577de9ef211b7

  • SHA1

    3d9d027e763f5d70849a552b8e18273a7586dd2c

  • SHA256

    874b051f2252d5a1dd48429bf57c53f19ad1d8b6ec00c68eda437c9676f2efce

  • SHA512

    66b02770756d1b3f288bd37ff9c1fc6fc9efcfa707d9b4dd1a0a20520a0d7c133287f99081df64d7c9bab00fd0933a4f3aa48fdc41fdcf72277a44c6b1eb4dbb

  • SSDEEP

    6144:5hPerPM/xXgPfF/x8FRc5qCCf75XxY2PBt60p1D7VCL2FB/HCAIBisnLk5YzqWdd:5hPerIVgPd/x8FReqCQ5xY6V7swCP8sP

  Score

  10^/10

  lokibotcollectionpersistencespywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2