
General

  • Target

    TNT Express_87079376647.rar

  • Size

    481KB

  • Sample

    231023-e1hrkadh7x

  • MD5

    7e8656719b230e068fb95917d42b8359

  • SHA1

    83336f0d7f7e85412569c12ef40cf61c01074536

  • SHA256

    df339ac012094b005184425c3c9363c59dd6e46b154bc0da8cd968438e41a818

  • SHA512

    0c3e64bee7a457386ecdc55adba935cb0a4af540ed9d6ccdb690d7a05726564615944cd23c70e5dbf4a5dfde61670c00c1667d6b26354e32faad192f5e4925d8

  • SSDEEP

    12288:k9ckQr3QduKL6XNJXPn03UOtVVRhGvpDZT:k9ckQkdu3XrPahEL

Malware Config

Extracted

Family

lokibot

C2

http://45.77.76.224/~clinics/uhjaX1tXloDzACvaR

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
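
The extracted config above is only useful once its C2 URLs are turned into indicators and matched against traffic. The following is an added example, not part of the Triage report or of any LokiBot tooling: it normalises the five C2 URLs listed above into host/path indicators (separating the raw IP from the domains) and runs them over a handful of proxy log lines. The log lines, their format and the timestamps are constructed for the example; only the C2 URLs come from the report.

```python
"""
Added example (not part of the Triage report): normalise the extracted
LokiBot C2 URLs into indicators and match them against proxy log lines.
"""
import ipaddress
from urllib.parse import urlparse

# C2 URLs exactly as listed in the report's extracted config.
C2_URLS = [
    "http://45.77.76.224/~clinics/uhjaX1tXloDzACvaR",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def normalise_c2(urls):
    """Split each C2 URL into a lowercase host, its indicator type
    ("ip" or "domain") and the set of paths seen for that host.

    Keying on host means a panel reached under several paths collapses
    to one network indicator, while the paths are kept for URL-level rules.
    """
    indicators = {}
    for url in urls:
        parsed = urlparse(url)
        host = parsed.hostname.lower()
        try:
            ipaddress.ip_address(host)
            kind = "ip"
        except ValueError:
            kind = "domain"
        entry = indicators.setdefault(host, {"kind": kind, "paths": set()})
        entry["paths"].add(parsed.path)
    return indicators


def match_log(indicators, log_lines):
    """Return (line_no, host, path) for every log line whose destination
    host is a known C2 host. The path is returned so an analyst can see
    whether it matches the extracted gate path (e.g. /alien/fre.php).

    Assumed (constructed) line format:
        <timestamp> <src_ip> <METHOD> <url> <status>
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than crash the scan
        parsed = urlparse(fields[3])
        host = (parsed.hostname or "").lower()  # hostname is case-folded
        if host in indicators:
            hits.append((n, host, parsed.path))
    return hits


# Constructed proxy log lines for this example; not taken from the report.
SAMPLE_LOG = [
    "2023-10-23T05:31:07Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 200",
    "2023-10-23T05:31:09Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2023-10-23T05:31:12Z 10.0.0.22 POST http://ALPHASTAND.TOP/alien/fre.php 404",
    "2023-10-23T05:31:15Z 10.0.0.15 GET http://45.77.76.224/~clinics/uhjaX1tXloDzACvaR 200",
    "garbage line",
]

if __name__ == "__main__":
    iocs = normalise_c2(C2_URLS)
    for host, meta in sorted(iocs.items()):
        print(f"{meta['kind']:6} {host:20} paths={sorted(meta['paths'])}")
    for n, host, path in match_log(iocs, SAMPLE_LOG):
        print(f"line {n}: contact to C2 {host}{path}")
```

Matching on the host rather than the full URL is deliberate: a 404 from the panel (line 3 above) is still a beacon attempt from an infected host, and case differences in the logged URL must not hide it. The IP indicator should be treated with less confidence over time than the domains, since shared hosting addresses get reassigned.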

Targets

    • Target

      TNT Express_87079376647.exe

    • Size

      824KB

    • MD5

      d8b4d7f78634174ff90e35704ce53d26

    • SHA1

      3115f01c4a304248bfa2de8a03da07695f465d81

    • SHA256

      c430d7727c13405bdff5e40e65e6dc203b2e0294d7de0ba4a5bef64196e39190

    • SHA512

      0c3c9af1959ae4f8a48b06b0ca3db9e83fb857abaf56105c7ec801946651fb389c9c4c37b057caa88097fa3e1bca99d9d37e6b241f76156c363ef0d15cecac4c

    • SSDEEP

      6144:4dljrLxRukM6+cHVPutFJ+hNEUY5D9ZJKqPuotojLhuAlVRCeJ98McyeGm6qjvl1:4r31+cHVPks4DBXutj7CeJtelDPu

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks