Extracted

• • Target

    Objednávka_(PO208919)_Agropodnik_A.S_Trnava.exe

  • Size

    205KB

  • MD5

    522be3a6169aafdcd8cb667335561a1e

  • SHA1

    9d973aa0c89ef14d8352655fa96fda19199e2f1d

  • SHA256

    607ae2812c4933e7dc70081e55dac398f6729e32708ab1a723c2340dca6bd501

  • SHA512

    1cdeb1798ec1bbd77db3592606d6781d4ed77ae87021609d549814ca6eee037cd8b918bf7b21d9dd949f5fe4ac34d4ad7c5b0d019744137f7b41291c0f6acc6f

  • SSDEEP

    3072:w/hjZYOLYwIs9rLM2OXps4qlALF3r1u45Iymcwm6Upm/W6OEAmjc+e:ohjpLjG64D9j5Tb6wm/uEAmg+

  Score

  10^/10

  lokibotadwarecollectiondiscoverypersistenceprivilege_escalationspywarestealertrojan

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Lokibot family

    lokibot

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Downloads MZ/PE file

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1