General

  • Target

    gunzipped.exe

  • Size

    552KB

  • Sample

    231031-wstyaseb98

  • MD5

    fc36cd1e8398a2a80c73adb216e1467f

  • SHA1

    8b23327b0cc9a846d4403a804a4ba510595072fe

  • SHA256

    8711e0e6e3e5e0b15d2998e1a5cd6843d5e6778109b74d6c68679880318b3cd4

  • SHA512

    f592350506b79331137f807ee3f081cad911f4584e9d33923456e7bcb5f73e1c070d39a31f9b7d66be0ef2f2481cb02c80496cd956631e483fc3dedeac79a6e6

  • SSDEEP

    12288:axauTX2lSW6RuDUva8kXdB4/itMklPg4RIKE8NK0EIWDm4:CLj2l56RuDUgHfi

Malware Config

Extracted

Family

lokibot

C2

http://146.190.157.174/wnaJUnFmVXSKF

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
