Extracted

• • Target

    ex2d.bin

  • Size

    1.0MB

  • MD5

    9c727dc787a39ab9b922995de8c1ad99

  • SHA1

    1a0fab414c33759fdecbec52460a8d596c434a19

  • SHA256

    1e414463710f5eee406e44815894e93a945289a50a2e8cfa9deef40d7c2e2de3

  • SHA512

    c74691ca8821faed1a8cd2ab7112e91ba90326a24e01a3f7077ae179c8b458452784b0634b19242795ee2b025ae689f8e08d8b01f5d2552b9df2a9ae60536e35

  • SSDEEP

    24576:rmoO8itEqfZBBoIroaajDce2wia6Gx9UtZmSx00MNFe32UkqD/XDuH+o:qvZrrZU56cc8NFe32UkC+f

  Score

  10^/10

  lokibotmodiloadercollectionpersistencespywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • ModiLoader First Stage

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Accesses Microsoft Outlook profiles

    collection

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2