General

  • Target

    kellydbt4186.exe

  • Size

    832KB

  • Sample

    230308-m3lj8sfc2t

  • MD5

    3c35cb135af22e28a87647343833d4d1

  • SHA1

    32dd9b7a9fb366f7ddc71582bf942f966c95fea0

  • SHA256

    4cfeafd256d56b8d617006bb48351e85a46b7f278d3363c0712c3277036bf7ec

  • SHA512

    08cdbb4946b09f1f96df5483220536fc20027b9e1aee0a5660b35f655c44bf417bde0ee43dfaa58d8b573061c05857f74310e38ba635457ddaca527ede03e926

  • SSDEEP

    24576:iEP78/1Uwnl19Ju9Ke1zbnyOifos3v1C8LFg:mnw9Ke1nIo+v17pg

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext