Extracted

• • Target

    cluton.exe

  • Size

    282KB

  • MD5

    173cc49904c607c514e2f4a2054aaca0

  • SHA1

    0b185b7649c50d06a5d115a210aa3496abf445c2

  • SHA256

    985d2a5f97ed03ae735c7f30f950846339d5fce5c18491326edec9a8be5cc509

  • SHA512

    f2a83903311969c96aa44df504e9c8118fb2be0a46058502da744ab4790c476e36474ec856afc8a70d599e11df319597d0998f7f9d9e0751899eac92fe567624

  • SSDEEP

    3072:1BkfJpRXATwMdFCcJKTTGoE+l4lPRQ4aKhyLd1bWqf20AoZbwh8LsZU2z0Ai1:1qjITj9RQ4aKhSnf1AoZgqV1

  Score

  10^/10

  lokibotcollectiondiscoveryspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1

• • Target

    vogrqihk.dll

  • Size

    7KB

  • MD5

    94d33e9281067f72a6e4f1dd967bab7d

  • SHA1

    9e669f1f7f783c3447af607118162fa57c935244

  • SHA256

    2d8743291b8f338633ac2bcd5181c55f287196f6864680d4b23f1083f787d967

  • SHA512

    46600f2670fc175211fb5e45300c211ecac74968499d8bdcd1edf6ffd4c41e54e3bc798a63d5b2cfab871ec748a3a181c3d3b7516c728981f26207e807354634

  • SSDEEP

    96:PAvk/PoxZMoL1V7qckBuyiSC7ASiHKFj39+qiK7CoemaEE8v+QZb7k:5PonMoTK8ya7ASuK19+qUoJPE8v/b7

  Score

  10^/10

  lokibotcollectiondiscoveryspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral2