General
-
Target
8ccb5dc4ee7dbe6c28d9b26670ebd57269e8d982c35f9098ebeb5bdd4abc2fbfexe_JC.exe
-
Size
235KB
-
Sample
230806-s4jpxsah38
-
MD5
9c47da2eaf8817c64de9cb8f51cb76d1
-
SHA1
f6401703f4daf98b106ef34d262c8e3f9bf7f4a5
-
SHA256
8ccb5dc4ee7dbe6c28d9b26670ebd57269e8d982c35f9098ebeb5bdd4abc2fbf
-
SHA512
8b36090784316f58da10d5a115076f8a7de12fc39af117dab8abb29dfa60f5d8505d0d60857741a513d4ba2136beca1f5440365c7df6c7db562282400f2e1251
-
SSDEEP
6144:fqjIAZnS7kEw+IZKoOHk121yf6g8HzAt+u868L:KLnS7ijsxk1QykTe2N
Static task
static1
Behavioral task
behavioral1
Sample
8ccb5dc4ee7dbe6c28d9b26670ebd57269e8d982c35f9098ebeb5bdd4abc2fbfexe_JC.exe
Resource
win7-20230712-en
Malware Config
Extracted
lokibot
http://87.121.47.132/size/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8ccb5dc4ee7dbe6c28d9b26670ebd57269e8d982c35f9098ebeb5bdd4abc2fbfexe_JC.exe
-
Checks QEMU agent file
Checks presence of QEMU agent, possibly to detect virtualization.
-
Loads dropped DLL
-
Suspicious use of NtCreateThreadExHideFromDebugger
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-