Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Shipping Docs_pdf.exe
-
Size
124KB
-
Sample
221206-3z53gaae5z
-
MD5
5d651c3d02ee8cc934ba8751b04bf8c4
-
SHA1
3daf473c34d4819067cec204e22160d8054d6eb9
-
SHA256
34cb99613940f2408bc3ca05b9fef7b8d490cd8cada151b65251a1f76fdddc81
-
SHA512
1be180287e2bdc41d28f7e6199172a6dc5b41d2f904b3a956a62d807a46cce4692a978b1ef148861b6e961c882f6d744ff8ff7f9db3785c3a4820b596724dfa9
-
SSDEEP
3072:QEhKzShSycSMmMFQFxhtIp+8wABgkXbm3PKGRAEN/LoG:QBn1mMGtt9JABgkC3CD8/kG
Malware Config
Extracted
lokibot
http://drinz.us/FILAZ/QU/coosaza.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Shipping Docs_pdf.exe
-
Size
124KB
-
MD5
5d651c3d02ee8cc934ba8751b04bf8c4
-
SHA1
3daf473c34d4819067cec204e22160d8054d6eb9
-
SHA256
34cb99613940f2408bc3ca05b9fef7b8d490cd8cada151b65251a1f76fdddc81
-
SHA512
1be180287e2bdc41d28f7e6199172a6dc5b41d2f904b3a956a62d807a46cce4692a978b1ef148861b6e961c882f6d744ff8ff7f9db3785c3a4820b596724dfa9
-
SSDEEP
3072:QEhKzShSycSMmMFQFxhtIp+8wABgkXbm3PKGRAEN/LoG:QBn1mMGtt9JABgkC3CD8/kG
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-