Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2f492e077e1c59ef7217c17307fc4cfdd08d614607e8fba3c6cf445f71367d7b.exe
-
Size
145KB
-
Sample
221201-nep37acf74
-
MD5
ded4dab28d4ac367ce7c19b99457b254
-
SHA1
60fde1e6f71536b1a039fa25b64ade22d0b89506
-
SHA256
2f492e077e1c59ef7217c17307fc4cfdd08d614607e8fba3c6cf445f71367d7b
-
SHA512
8d8a889a7112be5c941999d061be49f26cbb5a85c9337145a3684ba91e7c09cd79cb2249814c5ab7aaae156c11b4374d428350319db568ac64e9ecfac500cf8a
-
SSDEEP
3072:KWuVM9i/wu+5lzBeS9ogAIb2fpsaKfHYRszdGIj:WVn/wPzBeS9ofOaqHRzkQ
Malware Config
Extracted
lokibot
http://171.22.30.164/mous/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
2f492e077e1c59ef7217c17307fc4cfdd08d614607e8fba3c6cf445f71367d7b.exe
-
Size
145KB
-
MD5
ded4dab28d4ac367ce7c19b99457b254
-
SHA1
60fde1e6f71536b1a039fa25b64ade22d0b89506
-
SHA256
2f492e077e1c59ef7217c17307fc4cfdd08d614607e8fba3c6cf445f71367d7b
-
SHA512
8d8a889a7112be5c941999d061be49f26cbb5a85c9337145a3684ba91e7c09cd79cb2249814c5ab7aaae156c11b4374d428350319db568ac64e9ecfac500cf8a
-
SSDEEP
3072:KWuVM9i/wu+5lzBeS9ogAIb2fpsaKfHYRszdGIj:WVn/wPzBeS9ofOaqHRzkQ
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-