General

  • Target

    SecuriteInfo.com.Win32.TrojanX-gen.12860.exe

  • Size

    17KB

  • Sample

    220915-mm9bcsgebk

  • MD5

    cafbaaf95b4ec90c0869d56d4165bb24

  • SHA1

    249abfedf878fa7a1c97b9751f9938b3f4027637

  • SHA256

    30c61449c317a93868125e8fb38ba229abfafeeadaac71737b18271cd44faa00

  • SHA512

    eb9169c16ef31ed3bb1d297faccf663b2969e868e672e05b6be757ba156bc50b7fc2a5d478746025fefccfff31038c206f3b054a9807e9c3b2ef2c4126de42cb

  • SSDEEP

    384:eytGHOzb0FSEcyHGRWLrsmfZcu53PFEEAzP:eCGHj0ElGc8ulWJT

Malware Config

Extracted

Family

lokibot

C2

http://162.0.223.13/?KuOatnJixfa4FrBhDarNcHi2oNagjKp4eeeICY

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SecuriteInfo.com.Win32.TrojanX-gen.12860.exe

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
