Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

6cec8e58bb...JC.xls

windows7-x64

10

6cec8e58bb...JC.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6cec8e58bbf6ebe3e4a3baa2310307930d5a84839a0edbdb630aef6c1fddc9f6xls_JC.xls

  • Size

    1.6MB

  • Sample

    230806-ln4a3agg79

  • MD5

    d1a5f0d011f958e14d46dbf301707a15

  • SHA1

    03a175fe4db4f4fcaee3899f0f0e4c0e71a5ccda

  • SHA256

    6cec8e58bbf6ebe3e4a3baa2310307930d5a84839a0edbdb630aef6c1fddc9f6

  • SHA512

    87c33f02f35bf4679695e0473ad48c4c9674f3c548c065ee1c1f4d862ec195e4ffce3ae8d9eff3258367b88f492d8cddb7f7ef661c05a3469a9ad0771c9057fc

  • SSDEEP

    49152:OQmmQ30mupF6VUQmmQ3030V6VXiNhv3t3bXXm7PuaMo0:OpmQkmmmUpmQk3cmXMhhX/a

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://2.59.254.19/fresh2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      6cec8e58bbf6ebe3e4a3baa2310307930d5a84839a0edbdb630aef6c1fddc9f6xls_JC.xls

    • Size

      1.6MB

    • MD5

      d1a5f0d011f958e14d46dbf301707a15

    • SHA1

      03a175fe4db4f4fcaee3899f0f0e4c0e71a5ccda

    • SHA256

      6cec8e58bbf6ebe3e4a3baa2310307930d5a84839a0edbdb630aef6c1fddc9f6

    • SHA512

      87c33f02f35bf4679695e0473ad48c4c9674f3c548c065ee1c1f4d862ec195e4ffce3ae8d9eff3258367b88f492d8cddb7f7ef661c05a3469a9ad0771c9057fc

    • SSDEEP

      49152:OQmmQ30mupF6VUQmmQ3030V6VXiNhv3t3bXXm7PuaMo0:OpmQkmmmUpmQk3cmXMhhX/a

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks