Extracted

• • Target

    f7e15774ecd0de31e719ef09f2884db6_JaffaCakes118

  • Size

    504KB

  • MD5

    f7e15774ecd0de31e719ef09f2884db6

  • SHA1

    eb71ab78ade27b21646463175f8509d7ed4cb71e

  • SHA256

    1561b33c7efac0edb9b9a023b04853fe5666c1acd6b9531de5673cc337f86049

  • SHA512

    e624c76ffff63e1f9c141193ee469feff7a7c8512ecd6a1c724100a035940b6182579b44b03f6670a0e4d8c722eb3359104288c456b7f0ae77e5d028cdbe5b7e

  • SSDEEP

    12288:NbYqFZw1M4R9YoB2lqsAdOzGBPAAzmOtHzRrtAYG:tPZ74xBPdOz23pXAYG

  Score

  10^/10

  lokibotcollectiondiscoveryspywarestealertrojandefense_evasion

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2