General

  • Target

    bf6d218a8f0639049cd461bd016feb75.exe

  • Size

    520KB

  • Sample

    230505-x188maba7z

  • MD5

    bf6d218a8f0639049cd461bd016feb75

  • SHA1

    c270b009563f5fb794f32ed1adff088e9fc47e62

  • SHA256

    ae0d0c2a31f5fc59eb85300918c89dff9449822b197c41d35b372d57308aa9e5

  • SHA512

    3c70aaf4b50f4b6dca5c5d5801d871af5bd29eeae60693b2e5802ab503e6385a1aaa409286963287edc7d5955b86dd0f75c905722e2d0a75faa5ae1d2ee84bea

  • SSDEEP

    12288:Tzmo22fVK/XsxS6jWvVLbXXB1nErcwUmdpBOye:fmodf2iivFPg0ye

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/tmglobal/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
