General

  • Target

    AWB# 10235516763.exe

  • Size

    944KB

  • Sample

    230605-gla5aafa69

  • MD5

    af47ae14745653905d907485f64b821a

  • SHA1

    6fc98df45c391ba42025f17137a4448b15089341

  • SHA256

    c6b9515b2ec0ab542e367db58cefdedcd446f00ea5bf864ed1906c38ceba1e1a

  • SHA512

    2221d1d6d3725ff90131eb78fa618835803903e2b1ce27c8e6f8e715b689298b9cda4e8c30633bcf1ca791dc5a3a0e1bdd8c1372d591533c94057110dd1a6c8a

  • SSDEEP

    12288:Q5eUkPxlE+NFzYKRMBFq5HOkoRACH6aFJ07oqQdfeFvgBTfAOow+YAR:DGrq45HaVRQdAvgBTfeJDR

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=41491438105

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      AWB# 10235516763.exe

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
