Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
gunzipped.exe
-
Size
622KB
-
Sample
230425-cjemgafh62
-
MD5
7f7786f7e514c06d1e4339872eadfbca
-
SHA1
c31005105ee392b459b27f4905319f85132f623e
-
SHA256
6f6d9a1e3f836778793c6c4d52bed1d222ecdf63aac071109f69e7fc2e268d7c
-
SHA512
c45abd8a9a3331515fa6ff2677388656754575db1363469070fb56598437e75dfb164c771dccdf3f31bdc5ff4ade355203409cb5ecec2142aebf1056683fb374
-
SSDEEP
12288:BbSJgvm3ik/o8wBVyZcuCqOongzxR0nfA7iGumi1:BbSJgvm3ikPwBQpCqOongFR0fAermi1
Malware Config
Extracted
lokibot
http://104.156.227.195/~blog/?p=78405647195
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
gunzipped.exe
-
Size
622KB
-
MD5
7f7786f7e514c06d1e4339872eadfbca
-
SHA1
c31005105ee392b459b27f4905319f85132f623e
-
SHA256
6f6d9a1e3f836778793c6c4d52bed1d222ecdf63aac071109f69e7fc2e268d7c
-
SHA512
c45abd8a9a3331515fa6ff2677388656754575db1363469070fb56598437e75dfb164c771dccdf3f31bdc5ff4ade355203409cb5ecec2142aebf1056683fb374
-
SSDEEP
12288:BbSJgvm3ik/o8wBVyZcuCqOongzxR0nfA7iGumi1:BbSJgvm3ikPwBQpCqOongFR0fAermi1
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-