Extracted

• • Target

    ba6815e1603b03b1bace8f0c3d10f38c_JaffaCakes118

  • Size

    621KB

  • MD5

    ba6815e1603b03b1bace8f0c3d10f38c

  • SHA1

    2027e13b099c9e3d96159c6f110356a0345a406a

  • SHA256

    68b161f333c89a7956639cc24293e10ef9322b0ece4c1e9f346893032581a9a1

  • SHA512

    1d08d4be63b99b293fdf3485e435a8b90e34177604fd49a2726f3e1b35f9a5e3859cb44387633fe051a5bd7b6e450c38dac75cd013637c0d1598add922e655f0

  • SSDEEP

    6144:LNAR3hk8i5iucP6eP9BcFZIf8gEW25CBUTHKXNvVyHU6cCZcG42MBwsWqcpxJ8WR:LOjP6eP94bgEX5ENtyHDLMBws3Klcd

  Score

  10^/10

  lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2