Extracted

• • Target

    Tu.exe

  • Size

    536KB

  • MD5

    f9f823465eeaa7623fe273a1e8383d75

  • SHA1

    5edb6f90ebcc9ed5aa59fd0fe1e941b3c9aae4b7

  • SHA256

    699b7291b446246d268f68184c6bc94535aed8a4c3ecaef41f4e66806f6d8a4e

  • SHA512

    d0239d18ed428b141d2f8cd87db883b73a83f79bac0bc088039a62b35a1c46555754ca591a75f8041374f184cf504c67dd31c29f917f9b3a9734e508588bd7f9

  • SSDEEP

    12288:wxBJ1kIrKHGoMTWEvbmYFYjrrxPDo9OdhGlA:81kI+HXkvbzFYjrNP89mG

  Score

  10^/10

  lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2