Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
8f452907a97d806d962315ba166f89ef
-
Size
467KB
-
Sample
240204-qq6w7adafq
-
MD5
8f452907a97d806d962315ba166f89ef
-
SHA1
f9f68ed3bce640f1b9c5de2c213ee6793fe8289e
-
SHA256
5463a649756bd0c22d0e604aca9a7c5f1cb886d4666c013b61077aaaa9992728
-
SHA512
99e464cc3cdb1e705886d6bb12e518681a0c85c02e080ba7eef894802911433187cdaaade66b25dd3488a181c3af90c0d039120892b434a726465befe622fc92
-
SSDEEP
6144:FQ3R6/VOA55wg6AoP8LOyKL8s61CeeDA2OBsdcNiiduTRgNjXaiaYtYY:K309O+Wg6AoPZ8DKIsWyONraiaYtY
Malware Config
Extracted
lokibot
http://185.227.139.18/dsaicosaicasdi.php/mxnW4pqpedfLr
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
8f452907a97d806d962315ba166f89ef
-
Size
467KB
-
MD5
8f452907a97d806d962315ba166f89ef
-
SHA1
f9f68ed3bce640f1b9c5de2c213ee6793fe8289e
-
SHA256
5463a649756bd0c22d0e604aca9a7c5f1cb886d4666c013b61077aaaa9992728
-
SHA512
99e464cc3cdb1e705886d6bb12e518681a0c85c02e080ba7eef894802911433187cdaaade66b25dd3488a181c3af90c0d039120892b434a726465befe622fc92
-
SSDEEP
6144:FQ3R6/VOA55wg6AoP8LOyKL8s61CeeDA2OBsdcNiiduTRgNjXaiaYtYY:K309O+Wg6AoPZ8DKIsWyONraiaYtY
Score10/10-
Detect ZGRat V1
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
ZGRat
ZGRat is remote access trojan written in C#.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-