Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3b7736009133ab2366038e6d9a3e0c2f.bin
-
Size
887KB
-
Sample
231029-bqk76aea9z
-
MD5
a3746e1826910da25c308e9f8e98af08
-
SHA1
1f61f4da6a7b9f3b0476bc8b8286a8c337a4146b
-
SHA256
b4b3295665d45e9d187ab312a0e62dd3b80cc45b320274298f42f42bee22a6ee
-
SHA512
9703081ff175996e3917b78bb2bcd130a5119476f609737b0168c577867b330cc9f85a49c97c0a7750c45d461a906d02eb84adbb20231c1914a80ed39d7a2914
-
SSDEEP
12288:A8i8P+c0mjhqAGJ5YzPxxbyH0Q2zQbLxiNMecttR5CZb9IxUlxI6mgaqAHsAQj6E:AQPgTqzeH0NQbsNMeadCZbGUDTiqcGAC
Malware Config
Extracted
lokibot
https://sempersim.su/a16/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
6fb30f4760c71e5dd852e73a34222a6fae6f44a0046d0f913e5bcb68ce514590.bin
-
Size
1.1MB
-
MD5
3b7736009133ab2366038e6d9a3e0c2f
-
SHA1
ba1ccf6ca0888c15f6475bcac6e285cb479d8939
-
SHA256
6fb30f4760c71e5dd852e73a34222a6fae6f44a0046d0f913e5bcb68ce514590
-
SHA512
d0d5fa14eb9b797150d1e76e0017b9cda71fd235d3cbee2be246cbaa480ad3d07f3ff6557a2b9a688526ebea478e614983f5545cef987ed3ed562d89f476b80f
-
SSDEEP
24576:wxBXZyrw6/2THaZylw6/90U++g4JRuJngtQETYRMO+4yi0CLnsd7UNl:UF6/ek76/+UBg4TUngtzTUGFCDkC
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-