General

  • Target: PI-EP 05919.zip
  • Size: 507KB
  • Sample: 230719-lztk1adb3t
  • MD5: a30f255d2d8f3b25d33d4f670843e901
  • SHA1: 5bf558a9388604e7a2efc619d52f8219596322d2
  • SHA256: faf6943211190f86e38fad307c55717e2502871e459a7b2ebbab03a577601885
  • SHA512: 1c3d5fcd256b9f2d9b07cd17849be653dda4593330b310a359bf13a0d2cefd06016ffe4bf56b4c9a55ecca8418a65ff633fcc69add6b98cd10e965e6c4fe8509
  • SSDEEP: 12288:ScU2gxvS2P3i3ua/Hjd+775PtoNAOnKM0YrA5Cv8vn8:ScUXZS2PGboHfoNADYVvg8

Malware Config

Extracted

  • Family: lokibot
  • C2:
      http://185.246.220.85/ugopounds/five/fre.php
      http://kbfvzoboss.bid/alien/fre.php
      http://alphastand.trade/alien/fre.php
      http://alphastand.win/alien/fre.php
      http://alphastand.top/alien/fre.php

Targets

    • Target: PI-EP 05919.exe
    • Size: 559KB
    • MD5: 103264e1af3afccc182abbb66ff64bb5
    • SHA1: 96765da528bc4bc406894dc020adafd080e04af0
    • SHA256: 95934ccfa95253459a4caa462ebcb4435c27ef7ce1d3a7aa4c8d6ddea9806938
    • SHA512: 87541ea2c33d08f75a33e1cc9c667b8eb64a5b4ada65b7490f53f60dba08e5606281093bf58d283bd48bdd55ae0cbecd40bb16dff9f3ad2ba6a5188213b8c68c
    • SSDEEP: 12288:tPYPfY7fpf88MbfL5wiE4UYLXb57GdWacRmg8D4jd:tPYPglfabz5wiMkGEpx

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks