General

  • Target

    tmp

  • Size

    950KB

  • Sample

    221004-g7jzbaffa2

  • MD5

    33d8d614c67108905cf413115e02401b

  • SHA1

    7f5f2e81d9c09575fd905c780e8b68516aa1897e

  • SHA256

    dc140bba3b9bd59cf1a81a317b893649981131b11abc59a5cad0860d6294762f

  • SHA512

    bd4a9195f60fcc2106c743c06e24201851d6289a5f93cea4a058fca84fdd6643876087709a423d4d337ee2625a15f1a7221290b5a0d1e34654e82283b540e6f8

  • SSDEEP

    12288:6tfwyxM20HccqQKdF5xW6NJ0lUa84K4HTN:0xKc7QKd1WO0f

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/perez/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
