General

  • Target

    tmp

  • Size

    716KB

  • Sample

    221122-pe2bwscd55

  • MD5

    cfcee5ee81b5f9170fd4b673583b5f12

  • SHA1

    c1783db922cbc72c28582655448804d75cd555be

  • SHA256

    8325e49180840f7c62839f6dcccc78ff1236fb5262811e019c3cc41de65db0e7

  • SHA512

    5b01e83b04781eb7aadc1ffbf32799273733b322a3a54e5399295874ecf44584a40896a4e0d3c4df802613ff541a704b8c3e0c9cf9a2a7534244ae059a8fefa1

  • SSDEEP

    12288:Fcr2iNvsOL/GXh8L74mBfNUstzoCnsUrYKBBHnqAAezy3rUNVJNT:er18+L74mBfNUstzo9UrlBHAf3r8JN

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
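The five C2 URLs above share one endpoint name (fre.php) across one IP and four domains, which is the usual shape of a Lokibot configuration: a single panel script reachable through several hosts so that sinkholing one domain does not cut the implant off. The script below, an added example and not part of the tria.ge report or of any tria.ge tooling, turns that list into host/path indicators, scans proxy log lines for them, and splits the hosts into IP and domain blocklists. The log lines and their five-field format (timestamp, client, method, URL, status) are constructed for illustration; the path /alien/panel.php in one of them is hypothetical and is there only to show a host-only match.

```python
"""Match the Lokibot C2 URLs from this report against proxy log lines.

Added example, not part of the tria.ge report. The C2 URLs are the ones
extracted from the sample's configuration; the log lines are constructed.
"""
import ipaddress
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's configuration.
LOKIBOT_C2 = [
    "http://171.22.30.164/kelly/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def c2_indicators(urls):
    """Return ({(host, path)}, {host}) for the given C2 URLs.

    The (host, path) pair is the high-confidence indicator; the bare host
    set also catches beaconing to the same server over another path.
    """
    pairs, hosts = set(), set()
    for u in urls:
        p = urlparse(u)
        host = (p.hostname or "").lower()
        hosts.add(host)
        pairs.add((host, p.path))
    return pairs, hosts


# Constructed proxy log lines: "<ts> <client> <method> <url> <status>".
# Note the 404 on the first beacon: a dead panel still means an infected host.
# The /alien/panel.php path is hypothetical, included to show a host-only hit.
SAMPLE_LOG = """\
2022-11-22T14:01:03Z 10.0.0.15 GET http://www.example.org/index.html 200
2022-11-22T14:01:09Z 10.0.0.15 POST http://171.22.30.164/kelly/five/fre.php 404
2022-11-22T14:01:31Z 10.0.0.22 POST http://alphastand.win/alien/fre.php 200
2022-11-22T14:02:02Z 10.0.0.22 GET http://alphastand.win/alien/panel.php 200
2022-11-22T14:02:40Z 10.0.0.31 GET http://update.example.net/check 200
"""


def scan_log(text, urls=LOKIBOT_C2):
    """Return (client, host, path, reason) for every line that hits an IOC."""
    pairs, hosts = c2_indicators(urls)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines instead of aborting the whole scan
        _ts, client, _method, url, _status = fields[:5]
        p = urlparse(url)
        host = (p.hostname or "").lower()
        if (host, p.path) in pairs:
            hits.append((client, host, p.path, "exact C2 URL"))
        elif host in hosts:
            hits.append((client, host, p.path, "C2 host, different path"))
    return hits


def blocklist(urls=LOKIBOT_C2):
    """Split the C2 hosts into (ip_list, domain_list) for deny-list feeds."""
    _, hosts = c2_indicators(urls)

    def is_ip(h):
        try:
            ipaddress.ip_address(h)
            return True
        except ValueError:
            return False

    ips = sorted(h for h in hosts if is_ip(h))
    domains = sorted(h for h in hosts if not is_ip(h))
    return ips, domains


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("HIT %-10s %-18s %-22s %s" % hit)
    ips, domains = blocklist()
    print("block IPs:    ", ips)
    print("block domains:", domains)
```

The host-only match is deliberately reported with a different reason string so that an analyst can triage it separately: a hit on the exact fre.php path is the configured C2 and warrants isolating the client, whereas a hit on the same host over another path may be the same infection, a second family sharing the server, or a researcher. The IP is listed separately from the domains because it is worth a firewall rule as well as a DNS sinkhole entry.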

Targets

    • Target

      tmp

    • Size

      716KB

    • MD5

      cfcee5ee81b5f9170fd4b673583b5f12

    • SHA1

      c1783db922cbc72c28582655448804d75cd555be

    • SHA256

      8325e49180840f7c62839f6dcccc78ff1236fb5262811e019c3cc41de65db0e7

    • SHA512

      5b01e83b04781eb7aadc1ffbf32799273733b322a3a54e5399295874ecf44584a40896a4e0d3c4df802613ff541a704b8c3e0c9cf9a2a7534244ae059a8fefa1

    • SSDEEP

      12288:Fcr2iNvsOL/GXh8L74mBfNUstzoCnsUrYKBBHnqAAezy3rUNVJNT:er18+L74mBfNUstzo9UrlBHAf3r8JN

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks