Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b8989acd38fb372495a40c9429bd3196ba2981c82cff4cd2a00cfc0bcd1ec012
-
Size
554KB
-
Sample
230524-kryz3scc5x
-
MD5
2fedad2f88722142df214c3f34e00708
-
SHA1
16ec374d570d2044195ce97ae20ee303e502c070
-
SHA256
b8989acd38fb372495a40c9429bd3196ba2981c82cff4cd2a00cfc0bcd1ec012
-
SHA512
36d7ba169aad9ac471843a8b728fce9f3e78a58ab5f24b31e65abe404bcc50eff417f0111a5400e31d6d5cda0c491b0f280af2da0efe370b0d4d6510f3498820
-
SSDEEP
12288:55tPplTY6RhKutVJlzWDuyb47PjILIdl+X:55JTDEozSDz47PjI0/+X
Malware Config
Extracted
lokibot
http://171.22.30.164/fresh1/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
b8989acd38fb372495a40c9429bd3196ba2981c82cff4cd2a00cfc0bcd1ec012
-
Size
554KB
-
MD5
2fedad2f88722142df214c3f34e00708
-
SHA1
16ec374d570d2044195ce97ae20ee303e502c070
-
SHA256
b8989acd38fb372495a40c9429bd3196ba2981c82cff4cd2a00cfc0bcd1ec012
-
SHA512
36d7ba169aad9ac471843a8b728fce9f3e78a58ab5f24b31e65abe404bcc50eff417f0111a5400e31d6d5cda0c491b0f280af2da0efe370b0d4d6510f3498820
-
SSDEEP
12288:55tPplTY6RhKutVJlzWDuyb47PjILIdl+X:55JTDEozSDz47PjI0/+X
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-