Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
HSBC Advise_pdf.exe
-
Size
356KB
-
Sample
230208-xbhz5sde8z
-
MD5
9587102c110910a51b37b74ce40e2362
-
SHA1
4126184e03449d077a878c0c3201508cf66e8ce4
-
SHA256
db8eae6ede6a43fac5b49d89810a2e17c3e2c0d78c6487af3b6532e4a32779ce
-
SHA512
f2cbec2e3fbac6eb518faa9a3828db0034e3c38c78fa573199175219252485bb8267605e4847fc0113d09af33fdfcd1a671b53bcf0c043155ef6e3bdeb8c1c3e
-
SSDEEP
6144:uYa6TFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFY:uY///tP2MgwSDevfvFep+O3
Malware Config
Extracted
lokibot
https://sempersim.su/ha12/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
HSBC Advise_pdf.exe
-
Size
356KB
-
MD5
9587102c110910a51b37b74ce40e2362
-
SHA1
4126184e03449d077a878c0c3201508cf66e8ce4
-
SHA256
db8eae6ede6a43fac5b49d89810a2e17c3e2c0d78c6487af3b6532e4a32779ce
-
SHA512
f2cbec2e3fbac6eb518faa9a3828db0034e3c38c78fa573199175219252485bb8267605e4847fc0113d09af33fdfcd1a671b53bcf0c043155ef6e3bdeb8c1c3e
-
SSDEEP
6144:uYa6TFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFY:uY///tP2MgwSDevfvFep+O3
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-