Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
28d4101cef00acd3914aecaa06d50a27be0f8b8819e9a37c5ec863d9989a28c4.zip
-
Size
827KB
-
Sample
230308-nf71dsfh82
-
MD5
117eb3e98411d77cfeed52949085c71d
-
SHA1
015ab59c48946f5bb9c4b90915b1c61d16f95eb7
-
SHA256
0426675ed2e21bdb3651804800bbb9006c74650c0b16060c81971f847475a4f5
-
SHA512
28d6ce39a125629e27399e9cce49f7d7ce01e5171939ee66e64aaba3e9e54192531006bb3fe7803bab6c36f28c587110fe54f0a74b597e9ab45ad2ff31bf86de
-
SSDEEP
24576:urhq2fVI4oFdJHSl5R7sndJ4P5X7sGM8OLVDXg:WhqQVpoPJHSOndCRLvMjDw
Malware Config
Extracted
lokibot
https://sempersim.su/ha22/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
28d4101cef00acd3914aecaa06d50a27be0f8b8819e9a37c5ec863d9989a28c4.exe
-
Size
992KB
-
MD5
eff63edb21dc723a40b41704a7634ab7
-
SHA1
14afa54eba8346e683338a34650da45dce3aaed5
-
SHA256
28d4101cef00acd3914aecaa06d50a27be0f8b8819e9a37c5ec863d9989a28c4
-
SHA512
208f8949fb3cdd23f2a3c67caaa0449567ecbdc8161dd8cc9bd7118884771f6c6124e7450f3e4d937a682fe71687f1d962626c22d08f908b93b82f6dd88acec7
-
SSDEEP
24576:YMFy+jFy+IA0Iwm/IYBbABlj+jx/x49E25CX:tFrjFrIzaIYAljO1++25CX
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-