Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b804838e5cbc18df1dd1357d5fcc290781a4e8d3ba9708d70ccefef4ae12f595.exe
-
Size
563KB
-
Sample
240515-tcbqnsgg99
-
MD5
676efd36e031c7ac3b3b0ed63ab52552
-
SHA1
8a147867588e97e22b61fbe506033dafd001f87b
-
SHA256
b804838e5cbc18df1dd1357d5fcc290781a4e8d3ba9708d70ccefef4ae12f595
-
SHA512
af486f8d32ccbc668abeb2f4a45255842e0b041d3fa9a360437bfb654bc4b455fd7cf47d704fd33acad4a7b37f5e47dfbfbaa53c871399a64fb1ddea3b8967fc
-
SSDEEP
12288:8IOQOffVnzVrTwsD9xpXl/grzP2DX8en:7OQUfhzdMcjpV/grzPmX8en
Malware Config
Extracted
lokibot
http://rocheholding.top/evie3/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
b804838e5cbc18df1dd1357d5fcc290781a4e8d3ba9708d70ccefef4ae12f595.exe
-
Size
563KB
-
MD5
676efd36e031c7ac3b3b0ed63ab52552
-
SHA1
8a147867588e97e22b61fbe506033dafd001f87b
-
SHA256
b804838e5cbc18df1dd1357d5fcc290781a4e8d3ba9708d70ccefef4ae12f595
-
SHA512
af486f8d32ccbc668abeb2f4a45255842e0b041d3fa9a360437bfb654bc4b455fd7cf47d704fd33acad4a7b37f5e47dfbfbaa53c871399a64fb1ddea3b8967fc
-
SSDEEP
12288:8IOQOffVnzVrTwsD9xpXl/grzP2DX8en:7OQUfhzdMcjpV/grzPmX8en
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-