Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
0f061f64b9c001f53f851abb1ba06a28
-
Size
1.1MB
-
Sample
231230-ffl4xsgcaj
-
MD5
0f061f64b9c001f53f851abb1ba06a28
-
SHA1
53636290f0b7e1b850b5964d13588bbceed57400
-
SHA256
8a0350e9be990818ecf5d7669d9c0d12fb7d1dd2b8efeb79753ab2ae892e8a53
-
SHA512
5dd4aa06af3fe1141fc0c605815c375676532aab745024aa7d2d2756977b9ab208a6141bc7a97bfc34a200f8695d70f82a791cbe441d343bd51f6df6ef13840f
-
SSDEEP
24576:2YFaCm9krOsBgo0q4wMoNPlwC2e+vKh0A1im:2ZkaoHMoNPWCyT+
Malware Config
Extracted
lokibot
http://manvim.co/fd14/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
0f061f64b9c001f53f851abb1ba06a28
-
Size
1.1MB
-
MD5
0f061f64b9c001f53f851abb1ba06a28
-
SHA1
53636290f0b7e1b850b5964d13588bbceed57400
-
SHA256
8a0350e9be990818ecf5d7669d9c0d12fb7d1dd2b8efeb79753ab2ae892e8a53
-
SHA512
5dd4aa06af3fe1141fc0c605815c375676532aab745024aa7d2d2756977b9ab208a6141bc7a97bfc34a200f8695d70f82a791cbe441d343bd51f6df6ef13840f
-
SSDEEP
24576:2YFaCm9krOsBgo0q4wMoNPlwC2e+vKh0A1im:2ZkaoHMoNPWCyT+
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-