General

  • Target

    TNT Express_87993766478.exe

  • Size

    589KB

  • Sample

    230522-kqe6kshh7w

  • MD5

    38ec19cc8f6cc0a7a5a074d67be3fb31

  • SHA1

    d092714f42f1be135830c135d5e5798cc9e57a23

  • SHA256

    4b6cc1c1b1400777d4a0365763803915348fd8f12ece21bf694e2a3582e1f1eb

  • SHA512

    e0598e6873b569344ac84308a2dae7496736b4c1f813a2bf0395f05eae128759e382264950cf4dab4261eb79167bfa838cadc72f2914582c9a6250af2597df9e

  • SSDEEP

    12288:dt4x0YPX/NqPsoFAfwI755guLnNxihgM9mWB+K+j7o:dtvHPs0BI7IuLyhgM9e

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=143606594

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      TNT Express_87993766478.exe

    • Size

      589KB

    • MD5

      38ec19cc8f6cc0a7a5a074d67be3fb31

    • SHA1

      d092714f42f1be135830c135d5e5798cc9e57a23

    • SHA256

      4b6cc1c1b1400777d4a0365763803915348fd8f12ece21bf694e2a3582e1f1eb

    • SHA512

      e0598e6873b569344ac84308a2dae7496736b4c1f813a2bf0395f05eae128759e382264950cf4dab4261eb79167bfa838cadc72f2914582c9a6250af2597df9e

    • SSDEEP

      12288:dt4x0YPX/NqPsoFAfwI755guLnNxihgM9mWB+K+j7o:dtvHPs0BI7IuLyhgM9e

    • Lokibot

      Lokibot is an information stealer that harvests saved passwords and cryptocurrency wallet data from the infected host and sends them to the C2 URLs listed above.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile directories, which hold saved logins, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Outlook profile settings in the registry can include stored mail account credentials, another common stealer target.

    • Suspicious use of SetThreadContext

      Changing the context of a thread in another process is a typical step in process hollowing: a payload is written into a suspended process and its entry point redirected before the thread is resumed.
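The C2 URLs in the Malware Config section and the file hashes listed under General and Targets are the actionable indicators in this report. The script below, added here as an example and not part of the tria.ge report, checks a proxy log and a file's digests against them. The log lines are constructed, not taken from the sandbox run, and the "shared path" heuristic (flagging /alien/fre.php on a host that is not in the list) is an assumption derived from four of the five listed C2 URLs sharing that path, not something the report states.

```python
"""Match the report's IOCs (C2 URLs, file hashes) against local evidence.
Added example; the proxy log below is constructed for illustration."""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs and hashes exactly as extracted in the report above.
C2_URLS = [
    "http://161.35.102.56/~nikol/?p=143606594",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
KNOWN_HASHES = {
    "md5": "38ec19cc8f6cc0a7a5a074d67be3fb31",
    "sha1": "d092714f42f1be135830c135d5e5798cc9e57a23",
    "sha256": "4b6cc1c1b1400777d4a0365763803915348fd8f12ece21bf694e2a3582e1f1eb",
}

# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2023-05-22T10:41:03Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 404
2023-05-22T10:41:04Z 10.0.0.15 POST http://alphastand.top/alien/fre.php 200
2023-05-22T10:41:09Z 10.0.0.15 GET http://161.35.102.56/~nikol/?p=143606594 200
2023-05-22T10:42:00Z 10.0.0.22 POST http://newpanel.example/alien/fre.php 200
2023-05-22T10:42:30Z 10.0.0.22 GET http://www.example.org/index.php 200
"""
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def c2_indicators(urls):
    """Split the C2 URLs into host indicators and (host, path) pairs.
    Hosts are strong indicators on their own; a bare path is only kept as a
    weaker heuristic when several listed hosts share it (assumption)."""
    hosts, host_paths = set(), set()
    for u in urls:
        p = urlparse(u)
        hosts.add(p.hostname.lower())
        host_paths.add((p.hostname.lower(), p.path))
    path_counts = {}
    for _, path in host_paths:
        path_counts[path] = path_counts.get(path, 0) + 1
    shared_paths = {path for path, n in path_counts.items() if n > 1}
    return hosts, shared_paths


def scan_proxy_log(lines, urls=C2_URLS):
    """Return (client, host, reason) for each log line that touches a listed
    C2 host, or a shared C2 path on a host the report does not list."""
    hosts, shared_paths = c2_indicators(urls)
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        p = urlparse(m["url"])
        host = (p.hostname or "").lower()
        if host in hosts:
            hits.append((m["client"], host, "known C2 host"))
        elif p.path in shared_paths:
            hits.append((m["client"], host, "C2 path on unlisted host"))
    return hits


def digests(data):
    """MD5, SHA1 and SHA256 of a byte string, keyed by algorithm name."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}


def hash_matches(data, known=KNOWN_HASHES):
    """Names of the algorithms whose digest of `data` equals the report's value.
    Comparing every listed digest costs little and catches a single mistyped
    or truncated hash in a copied IOC list."""
    d = digests(data)
    return {a for a, h in known.items() if a in d and d[a] == h.lower()}


if __name__ == "__main__":
    for client, host, reason in scan_proxy_log(SAMPLE_LOG.splitlines()):
        print(f"{client} -> {host}: {reason}")
    print("hash match on constructed bytes:", hash_matches(b"constructed"))
```

Running the script reports the three 10.0.0.15 connections to listed hosts as known C2 traffic and the 10.0.0.22 POST to /alien/fre.php on an unlisted host as the weaker path-only hit; the unrelated GET to example.org is ignored. To check a file from disk, pass its bytes to hash_matches.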

MITRE ATT&CK Enterprise v6

Tasks