General

  • Target

    FedEx_AWB#725323201643.exe

  • Size

    446KB

  • Sample

    230815-pxx27acf7s

  • MD5

    255f19c4ccdc14e35b44074ffc8e5607

  • SHA1

    2a694b6ca0e8c00a09eab590a45964cc301a4b75

  • SHA256

    9ee5d34b5de79e79f492e962d73fb45d7eb63d6b5f146e29a1a27a7bcb6c9a14

  • SHA512

    73a749978219906d58b5e3b7740e86c91d1aa073f00b281787667c1d042fe5f37b609549d8b7eb730d391513f16dd5b3375bf083a76bc3194015cc48353d6482

  • SSDEEP

    12288:KPV/OR9skrZfEgQq02Bs8RgIrQrDT1l+B/JMdWf8QT:/3vr2202+82I8rtaBM4f8

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://216.128.145.196/~wellseconds/?p=66663842554017

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      FedEx_AWB#725323201643.exe

    • Size

      446KB

    • MD5

      255f19c4ccdc14e35b44074ffc8e5607

    • SHA1

      2a694b6ca0e8c00a09eab590a45964cc301a4b75

    • SHA256

      9ee5d34b5de79e79f492e962d73fb45d7eb63d6b5f146e29a1a27a7bcb6c9a14

    • SHA512

      73a749978219906d58b5e3b7740e86c91d1aa073f00b281787667c1d042fe5f37b609549d8b7eb730d391513f16dd5b3375bf083a76bc3194015cc48353d6482

    • SSDEEP

      12288:KPV/OR9skrZfEgQq02Bs8RgIrQrDT1l+B/JMdWf8QT:/3vr2202+82I8rtaBM4f8

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks