General

  • Target

    0aab1e371452f83e1b75bac424d4123c.exe

  • Size

    999KB

  • Sample

    230613-xn7h9sba9y

  • MD5

    0aab1e371452f83e1b75bac424d4123c

  • SHA1

    9e93c2e1bbb55a04b229e86a0ebc886783f6e2c9

  • SHA256

    852e0d9a8f474077261d053d587868b211e70eff320a7e7067c3fc1cb3253ea5

  • SHA512

    142fdc7f5d170d5addc67ff5783d26859075d0d7f18ec3d11a0f2e8b4f89ef79a5970e9adfc490342b1bcf8e1d6fd005feb8c10eb3857198ddb6f09ddf41337f

  • SSDEEP

    12288:vqrofviVFglmZIrHlNDOM+dOmyy7aMXEw2M:vXKw8+zDbmyc5XYM

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=8254674426

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0aab1e371452f83e1b75bac424d4123c.exe

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
