Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d75ab859064eaea321a5a7f11a4b0cb4ab85d987c41f293ea879e374b7348cae
-
Size
811KB
-
Sample
230110-xz5h2sda7t
-
MD5
00472fb7e9be629b6d8a1436949bbfb1
-
SHA1
34d8bde6eafd60b22e64690472ee5607ad954948
-
SHA256
d75ab859064eaea321a5a7f11a4b0cb4ab85d987c41f293ea879e374b7348cae
-
SHA512
e4ffa3e4a6eb652c82aaf769f1800046c256bec8c9c685abf73e3e3992af5101240b3bc241ee2888802a5df0498448aed074876236fe292b3ded977c9f6a6acd
-
SSDEEP
24576:u+pmxdK1vfXdyg55Gs5nyyxDqEZV/NWCHgh/Wgfz:ubxdsvP0KGs5nyCDqEZVeh/Wgf
Malware Config
Extracted
lokibot
http://208.67.105.148/fresh2/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d75ab859064eaea321a5a7f11a4b0cb4ab85d987c41f293ea879e374b7348cae
-
Size
811KB
-
MD5
00472fb7e9be629b6d8a1436949bbfb1
-
SHA1
34d8bde6eafd60b22e64690472ee5607ad954948
-
SHA256
d75ab859064eaea321a5a7f11a4b0cb4ab85d987c41f293ea879e374b7348cae
-
SHA512
e4ffa3e4a6eb652c82aaf769f1800046c256bec8c9c685abf73e3e3992af5101240b3bc241ee2888802a5df0498448aed074876236fe292b3ded977c9f6a6acd
-
SSDEEP
24576:u+pmxdK1vfXdyg55Gs5nyyxDqEZV/NWCHgh/Wgfz:ubxdsvP0KGs5nyCDqEZVeh/Wgf
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-