Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
1ffe7beaec86f3e15436d8ee1247840e.exe
-
Size
499KB
-
Sample
221128-jgd2gsfd37
-
MD5
1ffe7beaec86f3e15436d8ee1247840e
-
SHA1
3981847b1b9e6a73754e55e2814c434f37adeed9
-
SHA256
320cd864f1bcd59e122d933cb6cb19cdb1b679bb4e04d48ae81be09803c1cf29
-
SHA512
049dceedf52d61fc9052e02d079db707d9c0e1c337ce425998e40abdd151a5a84535579abf1fa5837d756ffefac8469ac47a40a9a30f00e4097cb3888ae3989f
-
SSDEEP
12288:VWO+JpbKbf6uMR+mioFhHXhmb84vVEaHgUFC:VWbbKpm73cosV18
Malware Config
Extracted
lokibot
http://208.67.105.148/osburn/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
1ffe7beaec86f3e15436d8ee1247840e.exe
-
Size
499KB
-
MD5
1ffe7beaec86f3e15436d8ee1247840e
-
SHA1
3981847b1b9e6a73754e55e2814c434f37adeed9
-
SHA256
320cd864f1bcd59e122d933cb6cb19cdb1b679bb4e04d48ae81be09803c1cf29
-
SHA512
049dceedf52d61fc9052e02d079db707d9c0e1c337ce425998e40abdd151a5a84535579abf1fa5837d756ffefac8469ac47a40a9a30f00e4097cb3888ae3989f
-
SSDEEP
12288:VWO+JpbKbf6uMR+mioFhHXhmb84vVEaHgUFC:VWbbKpm73cosV18
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-