Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

777d7d9e65...18.exe

windows7-x64

10

777d7d9e65...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    777d7d9e6568b0007a67d4bb884bb34c_JaffaCakes118

  • Size

    857KB

  • Sample

    240527-b2n37abg2s

  • MD5

    777d7d9e6568b0007a67d4bb884bb34c

  • SHA1

    9e61e53c4527d3852219ffdcfd0aa899eae60f82

  • SHA256

    e83a058d52adf6a33b10379828c71bbc480a788433653abd678460827e369d65

  • SHA512

    1474a85f9b5fe3e5415a7ba2be87a5a7430fe15917e268ffae8adc0e31e5fb821261780edf5fc79fea0fcd9c3b332258a14b91be92009d337083a6b1338bf66d

  • SSDEEP

    12288:Fxe/Q1nfvxSmigDbgUO+h+/rYE3BSybrsxaFKzudQ+b7GgQaqxD/SnwY9Bhz9Lg8:3e4Sxw/i3g4osFLDkaqVSn150x6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://didxbooks.com/3yt00/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      777d7d9e6568b0007a67d4bb884bb34c_JaffaCakes118

    • Size

      857KB

    • MD5

      777d7d9e6568b0007a67d4bb884bb34c

    • SHA1

      9e61e53c4527d3852219ffdcfd0aa899eae60f82

    • SHA256

      e83a058d52adf6a33b10379828c71bbc480a788433653abd678460827e369d65

    • SHA512

      1474a85f9b5fe3e5415a7ba2be87a5a7430fe15917e268ffae8adc0e31e5fb821261780edf5fc79fea0fcd9c3b332258a14b91be92009d337083a6b1338bf66d

    • SSDEEP

      12288:Fxe/Q1nfvxSmigDbgUO+h+/rYE3BSybrsxaFKzudQ+b7GgQaqxD/SnwY9Bhz9Lg8:3e4Sxw/i3g4osFLDkaqVSn150x6

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks