Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
AWB# 10235516763.exe
-
Size
944KB
-
Sample
230605-gla5aafa69
-
MD5
af47ae14745653905d907485f64b821a
-
SHA1
6fc98df45c391ba42025f17137a4448b15089341
-
SHA256
c6b9515b2ec0ab542e367db58cefdedcd446f00ea5bf864ed1906c38ceba1e1a
-
SHA512
2221d1d6d3725ff90131eb78fa618835803903e2b1ce27c8e6f8e715b689298b9cda4e8c30633bcf1ca791dc5a3a0e1bdd8c1372d591533c94057110dd1a6c8a
-
SSDEEP
12288:Q5eUkPxlE+NFzYKRMBFq5HOkoRACH6aFJ07oqQdfeFvgBTfAOow+YAR:DGrq45HaVRQdAvgBTfeJDR
Malware Config
Extracted
lokibot
http://161.35.102.56/~nikol/?p=41491438105
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
AWB# 10235516763.exe
-
Size
944KB
-
MD5
af47ae14745653905d907485f64b821a
-
SHA1
6fc98df45c391ba42025f17137a4448b15089341
-
SHA256
c6b9515b2ec0ab542e367db58cefdedcd446f00ea5bf864ed1906c38ceba1e1a
-
SHA512
2221d1d6d3725ff90131eb78fa618835803903e2b1ce27c8e6f8e715b689298b9cda4e8c30633bcf1ca791dc5a3a0e1bdd8c1372d591533c94057110dd1a6c8a
-
SSDEEP
12288:Q5eUkPxlE+NFzYKRMBFq5HOkoRACH6aFJ07oqQdfeFvgBTfAOow+YAR:DGrq45HaVRQdAvgBTfeJDR
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-