Extracted

• • Target

    Doc_Copy04762947.exe

  • Size

    732KB

  • MD5

    aa76f2a8b88e2a86f238f4975f1f048d

  • SHA1

    9775d73cac2c7168b4f1e4790bb52b77c8b02763

  • SHA256

    ba24ead7f4a9680c1d11cc6da2dc9089956245c771f6fa05b7c7ab9de6f3e543

  • SHA512

    12d3f4ba0a26f8bb92ac4d292a116a1f68c905130b27a69a6182ddb30730446f15e61b0d24834d667e265448d025bcdc6fd5071aa21c2ad1223827e30663f202

  • SSDEEP

    12288:3UJB0Olux0+EoHyjgsfH7dwWbBFoF2PYDbqYsIGK173MEGSeq63JhZ:cjux033D9Fy6YnzsIGK5Md355D

  Score

  10^/10

  lokibotcollectiondiscoveryspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Lokibot family

    lokibot

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Suspicious use of SetThreadContext

  behavioral1behavioral2