General

  • Target

    JaffaCakes118_9427906ba61825e8d98f8a5090c25705

  • Size

    464KB

  • Sample

    250105-h9an4axjcz

  • MD5

    9427906ba61825e8d98f8a5090c25705

  • SHA1

    835d7082e89960b697866df28b5cb8c2e26dece2

  • SHA256

    d2360716c3b7250ecd5814ca97f91ec214bc3c3dcc9eee0cebf7bfdb0f3231ab

  • SHA512

    f55f87322124dd4d8cb07ddcc70a17a8e91c53f0d3304abbddc142422826bbc27bbb4fc63d26bdc02f6d6d08959fdee8285c0dffb9004f154b3292e01facdae3

  • SSDEEP

    6144:UQ+ADYeKtFPrg/2S+umv9BeJyLnt8Swm1E+ejWjWFUe3tJiVouID/ezk5:UQXYPcOv88pE1XUItJiV

Malware Config

Extracted

Family

lokibot

C2

http://193.29.187.201/intel/babanu/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Lokibot family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
