Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
kellydbt4186.exe
-
Size
832KB
-
Sample
230308-m3lj8sfc2t
-
MD5
3c35cb135af22e28a87647343833d4d1
-
SHA1
32dd9b7a9fb366f7ddc71582bf942f966c95fea0
-
SHA256
4cfeafd256d56b8d617006bb48351e85a46b7f278d3363c0712c3277036bf7ec
-
SHA512
08cdbb4946b09f1f96df5483220536fc20027b9e1aee0a5660b35f655c44bf417bde0ee43dfaa58d8b573061c05857f74310e38ba635457ddaca527ede03e926
-
SSDEEP
24576:iEP78/1Uwnl19Ju9Ke1zbnyOifos3v1C8LFg:mnw9Ke1nIo+v17pg
Static task
static1
Behavioral task
behavioral1
Sample
kellydbt4186.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
kellydbt4186.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
lokibot
http://171.22.30.147/kelly/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
kellydbt4186.exe
-
Size
832KB
-
MD5
3c35cb135af22e28a87647343833d4d1
-
SHA1
32dd9b7a9fb366f7ddc71582bf942f966c95fea0
-
SHA256
4cfeafd256d56b8d617006bb48351e85a46b7f278d3363c0712c3277036bf7ec
-
SHA512
08cdbb4946b09f1f96df5483220536fc20027b9e1aee0a5660b35f655c44bf417bde0ee43dfaa58d8b573061c05857f74310e38ba635457ddaca527ede03e926
-
SSDEEP
24576:iEP78/1Uwnl19Ju9Ke1zbnyOifos3v1C8LFg:mnw9Ke1nIo+v17pg
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-