General

  • Target

    8198636543.zip

  • Size

    785KB

  • Sample

    221017-1eyfsadegm

  • MD5

    9914d2c548e0a8ab4e0f54e675f70557

  • SHA1

    98de6d24f5526206a064f3d9a36a242def78ea6b

  • SHA256

    eaaafcf9f79a954589f9e4aa2fa66b584145007cbc3382f45e1eadc71e9b1622

  • SHA512

    d1b70304742f3146ad04f6f8a0d816e77bf3054f60f5da55a893f6ebeda0525c5546c8d4762bddc87c814dd3dda30ef3679dc41db8d38338c78e1cc8da2cb860

  • SSDEEP

    24576:wc7Phcbo+fy09jEvT4NApri66VegxGscmDxpYy3mgz:wYXIy09jItyGG73j

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gk18/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Fowtronix October Order.exe

    • Size

      1.1MB

    • MD5

      529bf93a7a6496a052242a6f329c09f2

    • SHA1

      60e8459acb0ad1a5be89b20179ce88ee1f3e6584

    • SHA256

      6313ffbb1c480443bc4a59134d424a3c6b7087d023dc32eb9a9a08521a36be3c

    • SHA512

      66d93adfb150e82df124bb129bcdb9dc3eada400c6fd105385a3182357e2a6ed61962346c1031bc73a0c167a95c74a59fcae412aba5d43d849a1fa45fd4a2989

    • SSDEEP

      12288:EUcBv7AtkOId5RYXN7asgzymD19L69K08ygiXueLvMD9LTmaMdxipRT+FfMuu15V:KkJIdsl5mDb6cJdiv+LTmDdxawfBu1j

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
