General

  • Target

    tmp

  • Size

    682KB

  • Sample

    220924-k5s1zscccr

  • MD5

    6f2ad08514a304c31b1a7ad3cd6b8892

  • SHA1

    56ed290d454a364c74c64dec541bd180abfc9cde

  • SHA256

    0d3e3b77f530d1d4ae4abc3ac74283ea6e6ff41784a14447e925ee88e6d057c5

  • SHA512

    7f9daa48a2ea651aafa94c2ae77d232f0cf0162cebb08c3c97d37bae1adfc862b2dea4b47f02ded57a824fb0615505dd0c8ea1b33cc7b0ba72dde114b876dcba

  • SSDEEP

    6144:meTovsajJASxSm08OGO9XgQlGlNo6w8PGA3dkhxRcDXsto5tq:zeMGOGO9dclNoN8Pr3Sr4s

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.161/jungleone/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
