Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
ff4cafc13c985a010e3c2532a7a8ef30_JaffaCakes118
-
Size
347KB
-
Sample
240929-zgg15stcmf
-
MD5
ff4cafc13c985a010e3c2532a7a8ef30
-
SHA1
105bb100c2581938c20bed2dffee317df1e849d7
-
SHA256
d5fa180d5669d0e9b65aad9cf161399aa115e5873a3543e83ebc824fd2aed80a
-
SHA512
2ea458cf03a57056c67d8ec0ad22d13e497e83ddc8eef9b4e670cb929aa4774165a24e6ba0f078b6949f83e75af9a116a32de82ffebd419d5213a0c05c1bbd42
-
SSDEEP
6144:CJZj3XBjlkq27zgxRiqbUfua+UeX2dr2/e:WzZo7cviqQN+UeXIrJ
Malware Config
Extracted
lokibot
http://37.46.150.194/ouc/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
ff4cafc13c985a010e3c2532a7a8ef30_JaffaCakes118
-
Size
347KB
-
MD5
ff4cafc13c985a010e3c2532a7a8ef30
-
SHA1
105bb100c2581938c20bed2dffee317df1e849d7
-
SHA256
d5fa180d5669d0e9b65aad9cf161399aa115e5873a3543e83ebc824fd2aed80a
-
SHA512
2ea458cf03a57056c67d8ec0ad22d13e497e83ddc8eef9b4e670cb929aa4774165a24e6ba0f078b6949f83e75af9a116a32de82ffebd419d5213a0c05c1bbd42
-
SSDEEP
6144:CJZj3XBjlkq27zgxRiqbUfua+UeX2dr2/e:WzZo7cviqQN+UeXIrJ
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-