Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
SHIPPING UPDATE.xls
-
Size
1.4MB
-
Sample
231003-gw2d8age9t
-
MD5
19202ef8b0f4d1536e4bf40e0246a2ec
-
SHA1
1e570dea25b0f41bddf2d3e4b5fa887cc6f08a0e
-
SHA256
e743cf899576503ecd96fdd01f5f8b6775a681e6eaff832b602ea04872fe1e4a
-
SHA512
65a211c821828380fefd127690330c3fd6600f4bb9230aae3e9e1ad335804f4dfbe5c48bbe3b5c8c7bbb3b2afc3e04fcb977d8973e4276472ba24683140b22d9
-
SSDEEP
24576:xWQmmav30xSZyMw6VzAXZSp4Zybw6Vn+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXX2:AQmmQ30686VwEIf6V+6YxxDfIK27/
Malware Config
Extracted
lokibot
https://sempersim.su/a14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
SHIPPING UPDATE.xls
-
Size
1.4MB
-
MD5
19202ef8b0f4d1536e4bf40e0246a2ec
-
SHA1
1e570dea25b0f41bddf2d3e4b5fa887cc6f08a0e
-
SHA256
e743cf899576503ecd96fdd01f5f8b6775a681e6eaff832b602ea04872fe1e4a
-
SHA512
65a211c821828380fefd127690330c3fd6600f4bb9230aae3e9e1ad335804f4dfbe5c48bbe3b5c8c7bbb3b2afc3e04fcb977d8973e4276472ba24683140b22d9
-
SSDEEP
24576:xWQmmav30xSZyMw6VzAXZSp4Zybw6Vn+6bvdXXXXXXXXXXXXUXXXXXXXXXXXXXX2:AQmmQ30686VwEIf6V+6YxxDfIK27/
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-