Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

ProductDet...38.exe

windows7-x64

10

ProductDet...38.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ProductDetails21638.exe

  • Size

    1.4MB

  • Sample

    221005-hmgtwsdgfr

  • MD5

    e8443af1626f6ccdff4e82cfd293f232

  • SHA1

    9b6a9922c4f1475bf9bf1dd2f71f88905e4a8d90

  • SHA256

    ea6f6d9fab4b60bafdd8730e249d50c7a1851e4a4dedebc779d266502a0f6ead

  • SHA512

    0e8d74490b486320fc3ad65e1f10af78a8da7d83170f0b79b8f9b56a74707ea920599467212886acdf09d3e61b805c7e3468ef96ad052b4adbd9706a55b53d62

  • SSDEEP

    12288:xnjoVnNCBllTDonWZQzjFeM6DJOjB9sTTHyaTE78+agEWflDY8xulEV0VrB2dfb1:UNclQnYQb6VOWQ77agEilDrxulEVQkp

Score
10/10
lokibotwshratcollectionpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://45.155.165.70/se8se/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Extracted

Family

wshrat

C2

http://rze6.sytes.net:4000

Targets

    • Target

      ProductDetails21638.exe

    • Size

      1.4MB

    • MD5

      e8443af1626f6ccdff4e82cfd293f232

    • SHA1

      9b6a9922c4f1475bf9bf1dd2f71f88905e4a8d90

    • SHA256

      ea6f6d9fab4b60bafdd8730e249d50c7a1851e4a4dedebc779d266502a0f6ead

    • SHA512

      0e8d74490b486320fc3ad65e1f10af78a8da7d83170f0b79b8f9b56a74707ea920599467212886acdf09d3e61b805c7e3468ef96ad052b4adbd9706a55b53d62

    • SSDEEP

      12288:xnjoVnNCBllTDonWZQzjFeM6DJOjB9sTTHyaTE78+agEWflDY8xulEV0VrB2dfb1:UNclQnYQb6VOWQ77agEilDrxulEVQkp

    Score
    10/10
    lokibotwshratcollectionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • WSHRAT

      WSHRAT is a variant of Houdini worm and has vbs and js variants.

      trojanwshrat

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks