
General

  • Target: 1b652800024590656654fceba385c2113d3be8c6fdefb2751657ec45c5fa82dc
  • Size: 566KB
  • Sample: 231106-q18tjabe2t
  • MD5: d72bf664f772e823c569ffce19acabc4
  • SHA1: 429a8e7d1427f81ea9781138118209fb77bb4f17
  • SHA256: 1b652800024590656654fceba385c2113d3be8c6fdefb2751657ec45c5fa82dc
  • SHA512: 6ff655873c739ce25d0a8499ab057c44c98ef20acfca5f56539e20dc1bec7cfbecfa4d1cd4ffcdd942d18fb49a5b7f689e0af05e777fd9686cf774e38fa6e6d6
  • SSDEEP: 12288:SUQPnB6gl4xRetxhjXQNHJlMgQhJ4mazhcGoZE0vTPxbYU9G:/qnMnxRCVQ1MgQhJ4mOyGo2ETPJc

Malware Config

Extracted

  • Family: lokibot
  • C2:
    http://305.ebnsina.top/_errorpages/305/five/fre.php
    http://kbfvzoboss.bid/alien/fre.php
    http://alphastand.trade/alien/fre.php
    http://alphastand.win/alien/fre.php
    http://alphastand.top/alien/fre.php

Targets

  • Target: Receipt copy_06_11_2023.exe
  • Size: 632KB
  • MD5: ef1672f5eca7537099892961b0d50e84
  • SHA1: c9a4fcf743e49c6d73f85804115ebbc1e653c726
  • SHA256: 3f143e73dca2b93182b5871b4df93dad4c5def58dc4b1f0d7c7cfdbd47d39c88
  • SHA512: a5c694556f2ad9a08262594ee7476fb94c1bb381ebe92d98761fe60a8f07d91aa958a9c61ccaf3579df77266f0007f6f40043f9a9e4cee3e101d231029458ef9
  • SSDEEP: 12288:UCWjtn/6O9xReXx5j5Q7pJxM0QfTJ2B24j4X9hBkxmkXa7BemEpWCm:UVhnSO9xRyrQdM0QfTJ2BOtrkgkXa7B/

  • Lokibot
    Lokibot is a password and cryptocurrency wallet stealer.

  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

  • Accesses Microsoft Outlook profiles

  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks