Extracted

• • Target

    f48645f93407473fccd3d921827b876e.rtf

  • Size

    63KB

  • MD5

    f48645f93407473fccd3d921827b876e

  • SHA1

    9d81d6c22da289fc2b04c0f7cef803debccbf72d

  • SHA256

    14ea26a775bf7cd9c438c726ec846bf9cdce4d76c918ad5ed3774376b0de3619

  • SHA512

    dbf232cf00ad890c4710e1ec80c2c430d5aa7e252aac0b658e527d74eff3b4595ead6f784754aeaaf219b7323a7ee69bcfe06d5a1afaa3720ea44d5aae96cbf0

  • SSDEEP

    384:ueebxsoUZWX0ivcXPJd0QUSWXqzTJfF+alifsG+sgnBMdbuOTM:ueixsTwgPJqQUSilhfIshuOTM

  Score

  10^/10

  lokibotcollectionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2