Extracted

• • Target

    bff8cb2aefafe7c6ed5de903bdd1aa0f9cdb6514085ea82f982747ce9e7d6129.exe

  • Size

    582KB

  • MD5

    40a06f63a197fb03ef98a9abd5d32f38

  • SHA1

    5c0d43b5f956715fa9e7b9277fe0268add2189f3

  • SHA256

    bff8cb2aefafe7c6ed5de903bdd1aa0f9cdb6514085ea82f982747ce9e7d6129

  • SHA512

    07c7c2c950594a512f1a10f5a1309ffd6ff85f785fb3d095931835660631127d0a1d90e49818fa296353c331377f134de518c963392df76dac96d362ad674e95

  • SSDEEP

    12288:YpXRssSHKjOYw9ukiZ7F5mFLgdKhEAm58Q0qbkR:YpBssSq6tuk62Bg288QO

  Score

  10^/10

  lokibotcollectioncredential_accessdiscoveryexecutionspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2