Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0aab1e371452f83e1b75bac424d4123c.exe
-
Size
999KB
-
Sample
230613-xn7h9sba9y
-
MD5
0aab1e371452f83e1b75bac424d4123c
-
SHA1
9e93c2e1bbb55a04b229e86a0ebc886783f6e2c9
-
SHA256
852e0d9a8f474077261d053d587868b211e70eff320a7e7067c3fc1cb3253ea5
-
SHA512
142fdc7f5d170d5addc67ff5783d26859075d0d7f18ec3d11a0f2e8b4f89ef79a5970e9adfc490342b1bcf8e1d6fd005feb8c10eb3857198ddb6f09ddf41337f
-
SSDEEP
12288:vqrofviVFglmZIrHlNDOM+dOmyy7aMXEw2M:vXKw8+zDbmyc5XYM
Malware Config
Extracted
lokibot
http://161.35.102.56/~nikol/?p=8254674426
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0aab1e371452f83e1b75bac424d4123c.exe
-
Size
999KB
-
MD5
0aab1e371452f83e1b75bac424d4123c
-
SHA1
9e93c2e1bbb55a04b229e86a0ebc886783f6e2c9
-
SHA256
852e0d9a8f474077261d053d587868b211e70eff320a7e7067c3fc1cb3253ea5
-
SHA512
142fdc7f5d170d5addc67ff5783d26859075d0d7f18ec3d11a0f2e8b4f89ef79a5970e9adfc490342b1bcf8e1d6fd005feb8c10eb3857198ddb6f09ddf41337f
-
SSDEEP
12288:vqrofviVFglmZIrHlNDOM+dOmyy7aMXEw2M:vXKw8+zDbmyc5XYM
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-