Extracted

• • Target

    ad667bcf5c427135ad2a3e39562b3ba9_JaffaCakes118

  • Size

    410KB

  • MD5

    ad667bcf5c427135ad2a3e39562b3ba9

  • SHA1

    bffe011e51c34e2cb94c1b454ee21a35416af8d7

  • SHA256

    99d8c2377f66aaa26920ad32fcfd5cf7fbb34762b7309b540ad4ac5622a1190a

  • SHA512

    f079b99e166d2984099890d648bffd234e1a2705c544927b79b9c319a899348ee02fadfc7fc7685c3feddeb4a47783a13a4aa18e33d3ea99bdd468b0e4f80cea

  • SSDEEP

    12288:IG55fPfvajKTPIyDKnfj+TPv/SezBWli:IOBPfnTxLPnzG

  Score

  10^/10

  lokibotagilenetcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Drops startup file

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Uses the VBS compiler for execution

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2