Extracted

• • Target

    f87b4e7c69ce161743f4b9b0001d7376e163d615ce477c390f63cadf09ffc5d4.exe

  • Size

    104KB

  • MD5

    eb6beba0181a014ac8c0ec040cb1121a

  • SHA1

    52805384c7cd1b73944525c480792a3d0319b116

  • SHA256

    f87b4e7c69ce161743f4b9b0001d7376e163d615ce477c390f63cadf09ffc5d4

  • SHA512

    0afb9a7d180fe017520afb39e954821f77c8b6e2e11bbf73402dcdade231d07f3b755f40606252c917b51a0f5f32d499b96b30e7f2f617c50e709eae4cd80ae4

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

  Score

  10^/10

  lokibotcollectiondiscoveryspywarestealertrojanadwarepersistenceprivilege_escalation

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot

  • Lokibot family

    lokibot

  • Boot or Logon Autostart Execution: Active Setup

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    persistence

  • Downloads MZ/PE file

  • Event Triggered Execution: Component Object Model Hijacking

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Installs/modifies Browser Helper Object

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware

  • Drops file in System32 directory

  behavioral1behavioral2