Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
gunzipped.exe
-
Size
552KB
-
Sample
231031-wstyaseb98
-
MD5
fc36cd1e8398a2a80c73adb216e1467f
-
SHA1
8b23327b0cc9a846d4403a804a4ba510595072fe
-
SHA256
8711e0e6e3e5e0b15d2998e1a5cd6843d5e6778109b74d6c68679880318b3cd4
-
SHA512
f592350506b79331137f807ee3f081cad911f4584e9d33923456e7bcb5f73e1c070d39a31f9b7d66be0ef2f2481cb02c80496cd956631e483fc3dedeac79a6e6
-
SSDEEP
12288:axauTX2lSW6RuDUva8kXdB4/itMklPg4RIKE8NK0EIWDm4:CLj2l56RuDUgHfi
Static task
static1
Behavioral task
behavioral1
Sample
gunzipped.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
gunzipped.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
lokibot
http://146.190.157.174/wnaJUnFmVXSKF
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
gunzipped.exe
-
Size
552KB
-
MD5
fc36cd1e8398a2a80c73adb216e1467f
-
SHA1
8b23327b0cc9a846d4403a804a4ba510595072fe
-
SHA256
8711e0e6e3e5e0b15d2998e1a5cd6843d5e6778109b74d6c68679880318b3cd4
-
SHA512
f592350506b79331137f807ee3f081cad911f4584e9d33923456e7bcb5f73e1c070d39a31f9b7d66be0ef2f2481cb02c80496cd956631e483fc3dedeac79a6e6
-
SSDEEP
12288:axauTX2lSW6RuDUva8kXdB4/itMklPg4RIKE8NK0EIWDm4:CLj2l56RuDUgHfi
Score10/10-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-