General

  • Target

    059703b7a182a2e9be1567e72d10891b7e0bf8dbe2df1db6268207bf96e7030c

  • Size

    662KB

  • Sample

    230531-pv7tlsfa34

  • MD5

    8dadad022754626954a2be4a450edd88

  • SHA1

    ef6f08992d0d91617c86750fe6bab1d1de194700

  • SHA256

    059703b7a182a2e9be1567e72d10891b7e0bf8dbe2df1db6268207bf96e7030c

  • SHA512

    52a8469e9ec2c71d3dba770fc55f995b0a70211284598eac5b693d3874f3a4d87086058745f977d5676873d8593deeda1dcde246016c8048bee84106223d58cb

  • SSDEEP

    12288:RfK9AMTihh6xhZ6Oruii50Me2goxfMYA1fm6iDpXoHqtCGzQ:pMUgh8yBergoNMxm6KXDcV

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.60/bugg/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
