
General

  • Target

    28d4101cef00acd3914aecaa06d50a27be0f8b8819e9a37c5ec863d9989a28c4.zip

  • Size

    827KB

  • Sample

    230308-nf71dsfh82

  • MD5

    117eb3e98411d77cfeed52949085c71d

  • SHA1

    015ab59c48946f5bb9c4b90915b1c61d16f95eb7

  • SHA256

    0426675ed2e21bdb3651804800bbb9006c74650c0b16060c81971f847475a4f5

  • SHA512

    28d6ce39a125629e27399e9cce49f7d7ce01e5171939ee66e64aaba3e9e54192531006bb3fe7803bab6c36f28c587110fe54f0a74b597e9ab45ad2ff31bf86de

  • SSDEEP

    24576:urhq2fVI4oFdJHSl5R7sndJ4P5X7sGM8OLVDXg:WhqQVpoPJHSOndCRLvMjDw

Malware Config

Extracted

  • Family

    lokibot

  • C2

    https://sempersim.su/ha22/fre.php
    http://kbfvzoboss.bid/alien/fre.php
    http://alphastand.trade/alien/fre.php
    http://alphastand.win/alien/fre.php
    http://alphastand.top/alien/fre.php

Targets

    • Target

      28d4101cef00acd3914aecaa06d50a27be0f8b8819e9a37c5ec863d9989a28c4.exe

    • Size

      992KB

    • MD5

      eff63edb21dc723a40b41704a7634ab7

    • SHA1

      14afa54eba8346e683338a34650da45dce3aaed5

    • SHA256

      28d4101cef00acd3914aecaa06d50a27be0f8b8819e9a37c5ec863d9989a28c4

    • SHA512

      208f8949fb3cdd23f2a3c67caaa0449567ecbdc8161dd8cc9bd7118884771f6c6124e7450f3e4d937a682fe71687f1d962626c22d08f908b93b82f6dd88acec7

    • SSDEEP

      24576:YMFy+jFy+IA0Iwm/IYBbABlj+jx/x49E25CX:tFrjFrIzaIYAljO1++25CX

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks