Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    950KB

  • Sample

    221004-g7jzbaffa2

  • MD5

    33d8d614c67108905cf413115e02401b

  • SHA1

    7f5f2e81d9c09575fd905c780e8b68516aa1897e

  • SHA256

    dc140bba3b9bd59cf1a81a317b893649981131b11abc59a5cad0860d6294762f

  • SHA512

    bd4a9195f60fcc2106c743c06e24201851d6289a5f93cea4a058fca84fdd6643876087709a423d4d337ee2625a15f1a7221290b5a0d1e34654e82283b540e6f8

  • SSDEEP

    12288:6tfwyxM20HccqQKdF5xW6NJ0lUa84K4HTN:0xKc7QKd1WO0f

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/perez/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      950KB

    • MD5

      33d8d614c67108905cf413115e02401b

    • SHA1

      7f5f2e81d9c09575fd905c780e8b68516aa1897e

    • SHA256

      dc140bba3b9bd59cf1a81a317b893649981131b11abc59a5cad0860d6294762f

    • SHA512

      bd4a9195f60fcc2106c743c06e24201851d6289a5f93cea4a058fca84fdd6643876087709a423d4d337ee2625a15f1a7221290b5a0d1e34654e82283b540e6f8

    • SSDEEP

      12288:6tfwyxM20HccqQKdF5xW6NJ0lUa84K4HTN:0xKc7QKd1WO0f

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks