General

  • Target

    873fee557cee63c1740c1717b658d4fc

  • Size

    464KB

  • Sample

    240201-s2chtsahcr

  • MD5

    873fee557cee63c1740c1717b658d4fc

  • SHA1

    fe470a99beaf6fc6332ca93ee3204c2fdf935db3

  • SHA256

    ff38471f7d7466125fc45cefe8713f35e8cf841bc7833299a7c0496f2dd1e5ac

  • SHA512

    a4c04db238215d263fba3b95f80a089ec2f6a8edc2f1fb9aa6a593c7820f491d1b339e798c45fed91e69a9886f83291fe9479ddc8e3a93a37fd5d2de649ca533

  • SSDEEP

    6144:cJcbb7rnlh/yLGb5uV317wwx1l2Wb++hAPswJqveMeiUMnaxgZWS3ySefFazfm2U:ucbJ9y8o10C1Y/qWM/axsWS3ySet4ZU

Malware Config

Extracted

Family

lokibot

C2

http://65.21.223.84/~t/i.html/crpROu41TGaLY

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      873fee557cee63c1740c1717b658d4fc

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
