Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    gunzipped.exe

  • Size

    622KB

  • Sample

    230425-cjemgafh62

  • MD5

    7f7786f7e514c06d1e4339872eadfbca

  • SHA1

    c31005105ee392b459b27f4905319f85132f623e

  • SHA256

    6f6d9a1e3f836778793c6c4d52bed1d222ecdf63aac071109f69e7fc2e268d7c

  • SHA512

    c45abd8a9a3331515fa6ff2677388656754575db1363469070fb56598437e75dfb164c771dccdf3f31bdc5ff4ade355203409cb5ecec2142aebf1056683fb374

  • SSDEEP

    12288:BbSJgvm3ik/o8wBVyZcuCqOongzxR0nfA7iGumi1:BbSJgvm3ikPwBQpCqOongFR0fAermi1

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=78405647195

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      gunzipped.exe

    • Size

      622KB

    • MD5

      7f7786f7e514c06d1e4339872eadfbca

    • SHA1

      c31005105ee392b459b27f4905319f85132f623e

    • SHA256

      6f6d9a1e3f836778793c6c4d52bed1d222ecdf63aac071109f69e7fc2e268d7c

    • SHA512

      c45abd8a9a3331515fa6ff2677388656754575db1363469070fb56598437e75dfb164c771dccdf3f31bdc5ff4ade355203409cb5ecec2142aebf1056683fb374

    • SSDEEP

      12288:BbSJgvm3ik/o8wBVyZcuCqOongzxR0nfA7iGumi1:BbSJgvm3ikPwBQpCqOongFR0fAermi1

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks