
General

  • Target

    -COA.zip

  • Size

    494KB

  • Sample

    230714-js983acg28

  • MD5

    369266c5a57aa515990cf9e0123d9d3a

  • SHA1

    8dd3c4b03d59dd27fe99d22c320b64ce0031f5b9

  • SHA256

    4409d718ffb291a47bb48b6f3ee47d46f0ed797b7640b244a4ad62892eb83fbd

  • SHA512

    ebb1e67a693786ff3f94adcd45c37664f73e28e7bca11f381927dbac14263c7e0ac6c6668886dbb0394c0d1f0289a0ba0c619b9607bc7cdc6b38892c936d01db

  • SSDEEP

    12288:KoONnBLrZzUQi4NkBjCyDk0nqIVCA4tuefFXq0RYn5iTQq7:pONnBLrZYQnkoyY0n5CA4tBFBI5iTN

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/ugopounds/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      -COA.exe

    • Size

      535KB

    • MD5

      97369a835182e261530a34a778a5b5a1

    • SHA1

      4773a475188ce7cbe12487f8f2b9f101bf68dee4

    • SHA256

      a1f77d1997422f4bb911ad530de645219d7b462baf1b7f6ee346c5409b169a08

    • SHA512

      a4adbfa75645bf72f6524193450596041dc97ef7ec9580f96a5c196ac35a18ff329382218c3e156e90fd2d5977818d150e1d5a3dc4d30751549b5f75791bfd68

    • SSDEEP

      6144:OpOcsfOqeazCR9aYTJ/LZjeEc20Z+qSkDuLjZC0cdZ9gZJ3I+ue0LthRn3zYeNn4:OMPoVjq+3kcjI0cd7UueWhdjYa1RM

    • Lokibot

      LokiBot is an information stealer that harvests saved credentials from web browsers, mail and FTP clients and local cryptocurrency wallet files. It reports to its panel with HTTP POST requests to a script conventionally named fre.php (as in the C2 list above), typically sent with the distinctive User-Agent "Mozilla/4.08 (Charon; Inferno)".

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Outlook profile data in the registry can hold stored mail account settings and credentials, a standard LokiBot target.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is a step in process hollowing: a process is started suspended, its memory is replaced with injected code, and the main thread's entry point is redirected to it before resuming.
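As an added example that is not part of the Triage report: a small Python matcher built from the extracted C2 list and the two SHA256 hashes above, run over proxy log lines constructed for illustration. The log format, the log lines themselves and the broader "any POST to a fre.php script" heuristic are assumptions; only the URLs and hashes come from the report.

```python
"""Indicator matcher built from the extracted Lokibot config and file hashes
in this report.  Added example, not part of the Triage report: the log
format, the log lines and the generic fre.php heuristic are assumptions."""
import hashlib
import re
from urllib.parse import urlsplit

# C2 URLs copied verbatim from the extracted config above.
C2_URLS = [
    "http://185.246.220.85/ugopounds/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# SHA256 hashes copied from the report, for the archive and the dropped executable.
KNOWN_SHA256 = {
    "4409d718ffb291a47bb48b6f3ee47d46f0ed797b7640b244a4ad62892eb83fbd": "-COA.zip",
    "a1f77d1997422f4bb911ad530de645219d7b462baf1b7f6ee346c5409b169a08": "-COA.exe",
}

# (host, path) pairs for exact matching; hosts alone for hostname-only telemetry.
C2_ENDPOINTS = {(urlsplit(u).hostname, urlsplit(u).path) for u in C2_URLS}
C2_HOSTS = {h for h, _ in C2_ENDPOINTS}

# Broader heuristic (an assumption, not from the report): Lokibot panels
# conventionally receive POSTs to a script named fre.php under any directory.
FRE_PHP_PATH = re.compile(r"^/(?:[^/]+/)*fre\.php$")


def classify_request(method, host, path):
    """Label one HTTP request: exact C2 hit, known C2 host, generic fre.php POST, or None."""
    if (host, path) in C2_ENDPOINTS:
        return "exact-c2"
    if host in C2_HOSTS:
        return "c2-host"
    if method.upper() == "POST" and FRE_PHP_PATH.match(path or ""):
        return "fre.php-post"
    return None


def scan_proxy_log(lines):
    """Scan 'timestamp client method url' lines; return (ts, client, label, url) hits."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed or unrelated line
        ts, client, method, url = parts
        u = urlsplit(url)
        label = classify_request(method, u.hostname, u.path)
        if label is not None:
            hits.append((ts, client, label, url))
    return hits


def lookup_sha256(hexdigest):
    """Map a SHA256 hex digest (any case) to the report's file name, or None."""
    return KNOWN_SHA256.get(hexdigest.strip().lower())


def identify_bytes(data):
    """Hash file contents and look them up against the report's hashes."""
    return lookup_sha256(hashlib.sha256(data).hexdigest())


# Constructed proxy log lines for illustration; not captured from the sandbox run.
SAMPLE_LOG = [
    "2023-07-14T12:01:03Z 10.0.0.23 GET http://example.com/index.html",
    "2023-07-14T12:01:09Z 10.0.0.23 POST http://kbfvzoboss.bid/alien/fre.php",
    "2023-07-14T12:01:10Z 10.0.0.23 POST http://185.246.220.85/ugopounds/five/fre.php",
    "2023-07-14T12:02:44Z 10.0.0.41 POST http://unknown.example/panel/fre.php",
    "2023-07-14T12:03:00Z 10.0.0.41 GET http://alphastand.top/favicon.ico",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(*hit)
    print(identify_bytes(b"not the sample"))
```

Exact URL matches and known-host matches are high confidence because they come straight from the extracted config; the fre.php-post label is a lower-confidence hunting lead that needs the request body or User-Agent to confirm.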

MITRE ATT&CK Enterprise v6

Tasks