Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
Order.xls
-
Size
62KB
-
Sample
250128-nh2amaznck
-
MD5
641cfd5a568fae40164ad2f493c6a6ce
-
SHA1
7aff16774ebcb88d3081bbe4b56c4237c30b89ae
-
SHA256
a9f6314789b922b612cf971c0e7dfcfa758b7f192827b1b6304e8e6c90029c22
-
SHA512
af9b5c26ed1b0368f8c3a78b4228c6433089f54201c1769d31075878cdc4d34901998771f524aa5609ac4d28bbe787f1dc11bba6b4919197859d503b17123f8a
-
SSDEEP
1536:j5555stZggEGeNDNlWqAnCnxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAs6/EmoBPGL:FnxEtjPOtioVjDGUU1qfDlaGGx+cL2Qe
Malware Config
Extracted
lokibot
http://46.183.222.162/bcxgfhgsf/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Order.xls
-
Size
62KB
-
MD5
641cfd5a568fae40164ad2f493c6a6ce
-
SHA1
7aff16774ebcb88d3081bbe4b56c4237c30b89ae
-
SHA256
a9f6314789b922b612cf971c0e7dfcfa758b7f192827b1b6304e8e6c90029c22
-
SHA512
af9b5c26ed1b0368f8c3a78b4228c6433089f54201c1769d31075878cdc4d34901998771f524aa5609ac4d28bbe787f1dc11bba6b4919197859d503b17123f8a
-
SSDEEP
1536:j5555stZggEGeNDNlWqAnCnxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAs6/EmoBPGL:FnxEtjPOtioVjDGUU1qfDlaGGx+cL2Qe
Score10/10-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
Lokibot family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-