Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
2fe572c4c7550b00993c0b9b344a65df.exe
-
Size
364KB
-
Sample
230106-l2s29aff67
-
MD5
2fe572c4c7550b00993c0b9b344a65df
-
SHA1
050979d9ebc2b777ddaf12c15b086da39f8bd472
-
SHA256
2d83164d1358ec644bb36c5edd0c16e115510789fea78f6a009a5969a74cd9e9
-
SHA512
76b646c346070f83832afda5442e0c5b54d1c73885b14235e58aa4c2ceeed4657c8f2a78427fc963d9cf1e39dfc9336881d9855b142f7ec5c06fe118e6a3e144
-
SSDEEP
6144:LYa6H6UvT9XdqN3S4bEMZBR8zWZcTeYE7BEbaT:LYh6UvDO3S4rZIr67BIaT
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
2fe572c4c7550b00993c0b9b344a65df.exe
-
Size
364KB
-
MD5
2fe572c4c7550b00993c0b9b344a65df
-
SHA1
050979d9ebc2b777ddaf12c15b086da39f8bd472
-
SHA256
2d83164d1358ec644bb36c5edd0c16e115510789fea78f6a009a5969a74cd9e9
-
SHA512
76b646c346070f83832afda5442e0c5b54d1c73885b14235e58aa4c2ceeed4657c8f2a78427fc963d9cf1e39dfc9336881d9855b142f7ec5c06fe118e6a3e144
-
SSDEEP
6144:LYa6H6UvT9XdqN3S4bEMZBR8zWZcTeYE7BEbaT:LYh6UvDO3S4rZIr67BIaT
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-