Extracted

• • Target

    cd23b9710a6f3bddf569663eca410316_JaffaCakes118

  • Size

    428KB

  • MD5

    cd23b9710a6f3bddf569663eca410316

  • SHA1

    26afee2a515aa7c0d2ab691fadd85bfc948dcfbe

  • SHA256

    193e8868bf9fbb4fc5edb8a0e2400796ee644114d8a401c8550ce0aa958665ac

  • SHA512

    789589860b13b580604be4d7127bc340cc0d29bcf8e6cb6a9259bbf4623033f96addc41b1df41850ee273c9e642730cff5dbc54d75171bdf9caa727cd4ab13cd

  • SSDEEP

    12288:sEfBZl1vvNQSnTlBZl1vvNQSnTnHrpq0sU5:sEJ1vvNQQTz1vvNQQTNq0x

  Score

  10^/10

  lokibotdiscoverypersistenceprivilege_escalationspywarestealertrojancollectioncredential_access

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2