Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

66ba1cf701...18.exe

windows7-x64

10

66ba1cf701...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    66ba1cf701941ec97285cf498ab67b9b_JaffaCakes118

  • Size

    564KB

  • Sample

    240522-kys3eaab9y

  • MD5

    66ba1cf701941ec97285cf498ab67b9b

  • SHA1

    4be68c2581e02e36b0511792d8f564d8401ef5e7

  • SHA256

    faa03d8c2d40970ea9355723cd5bc393b8223ca964b2cb79a9e8c104e4c2d8c6

  • SHA512

    81f578c9b83db8cddd378fe26f20821e57d4f7a08d8eb9d7d1ee0356293c6a1c65ed76b1fd36598b61233ffe19791a9ae32b3d7021d4b73840111df7301de300

  • SSDEEP

    6144:Xrcg1wmtpg5gyjAzY+1HXsK7wCCZPj2zDIY63Q62:bcZKz3FeVt3Q6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://infres.in/okoye/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      66ba1cf701941ec97285cf498ab67b9b_JaffaCakes118

    • Size

      564KB

    • MD5

      66ba1cf701941ec97285cf498ab67b9b

    • SHA1

      4be68c2581e02e36b0511792d8f564d8401ef5e7

    • SHA256

      faa03d8c2d40970ea9355723cd5bc393b8223ca964b2cb79a9e8c104e4c2d8c6

    • SHA512

      81f578c9b83db8cddd378fe26f20821e57d4f7a08d8eb9d7d1ee0356293c6a1c65ed76b1fd36598b61233ffe19791a9ae32b3d7021d4b73840111df7301de300

    • SSDEEP

      6144:Xrcg1wmtpg5gyjAzY+1HXsK7wCCZPj2zDIY63Q62:bcZKz3FeVt3Q6

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks