Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
RFQ MV-Haian.exe
-
Size
485KB
-
Sample
221129-lwl2ragg67
-
MD5
14118ff01802f541e0593c3efc0b55c4
-
SHA1
70e44e69b10a80f2a987c061febc154c5226f3bf
-
SHA256
622b22f54e4d408ed547536ee1ec8714411cefebb170d69aeb6aae8a23a22233
-
SHA512
c0123827bc905c39692286931836fa9d076264d56a1bf3c761ef63e670802b1a050c76e61e44780bf55b98635a82c2f7d696fa42e02137050b801a9e7bc0c076
-
SSDEEP
12288:qWO+CpbKbfqFEtigKKyBG3qoS2xTSZRncT5S:qWIbKjthKep/NSZRcT
Malware Config
Extracted
lokibot
http://sempersim.su/gm9/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
RFQ MV-Haian.exe
-
Size
485KB
-
MD5
14118ff01802f541e0593c3efc0b55c4
-
SHA1
70e44e69b10a80f2a987c061febc154c5226f3bf
-
SHA256
622b22f54e4d408ed547536ee1ec8714411cefebb170d69aeb6aae8a23a22233
-
SHA512
c0123827bc905c39692286931836fa9d076264d56a1bf3c761ef63e670802b1a050c76e61e44780bf55b98635a82c2f7d696fa42e02137050b801a9e7bc0c076
-
SSDEEP
12288:qWO+CpbKbfqFEtigKKyBG3qoS2xTSZRncT5S:qWIbKjthKep/NSZRcT
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-