Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    tmp

  • Size

    853KB

  • Sample

    230310-zwybnshb5v

  • MD5

    ad6e46ff30f73d902951da37cd59cc8b

  • SHA1

    e02d09ba4d0389c4e21212616ac9243d3827a8f2

  • SHA256

    5dcf6c2fcd4aa9a0578fade1d33a0735c6524386d580706a5e0bf9aa02873a3a

  • SHA512

    1cba8ff9b553776048281b46ca4d683388f48b79388b719173d8cd77901aee1c189b6b7d59c5ea01610551b8a992a897bf992e9c099f57ddeba160801c358c1c

  • SSDEEP

    12288:hwb4FlLKHFjcsLKKm1O5iMaVEOgu/QGP2SgY3LXGAq0AnSnj6QgELh0f75BQ6EKG:WSKmIikOroGK0bGsAe6QxLhQ7559Gt

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/chime/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      853KB

    • MD5

      ad6e46ff30f73d902951da37cd59cc8b

    • SHA1

      e02d09ba4d0389c4e21212616ac9243d3827a8f2

    • SHA256

      5dcf6c2fcd4aa9a0578fade1d33a0735c6524386d580706a5e0bf9aa02873a3a

    • SHA512

      1cba8ff9b553776048281b46ca4d683388f48b79388b719173d8cd77901aee1c189b6b7d59c5ea01610551b8a992a897bf992e9c099f57ddeba160801c358c1c

    • SSDEEP

      12288:hwb4FlLKHFjcsLKKm1O5iMaVEOgu/QGP2SgY3LXGAq0AnSnj6QgELh0f75BQ6EKG:WSKmIikOroGK0bGsAe6QxLhQ7559Gt

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks