General

  • Target

    8f452907a97d806d962315ba166f89ef

  • Size

    467KB

  • Sample

    240204-qq6w7adafq

  • MD5

    8f452907a97d806d962315ba166f89ef

  • SHA1

    f9f68ed3bce640f1b9c5de2c213ee6793fe8289e

  • SHA256

    5463a649756bd0c22d0e604aca9a7c5f1cb886d4666c013b61077aaaa9992728

  • SHA512

    99e464cc3cdb1e705886d6bb12e518681a0c85c02e080ba7eef894802911433187cdaaade66b25dd3488a181c3af90c0d039120892b434a726465befe622fc92

  • SSDEEP

    6144:FQ3R6/VOA55wg6AoP8LOyKL8s61CeeDA2OBsdcNiiduTRgNjXaiaYtYY:K309O+Wg6AoPZ8DKIsWyONraiaYtY

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/mxnW4pqpedfLr

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Detect ZGRat V1

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • ZGRat

      ZGRat is a remote access trojan written in C#.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
