General

  • Target

    73578dbfcec0b67c49f7d53f6c7230e9_JaffaCakes118

  • Size

    178KB

  • Sample

    240525-1llessca75

  • MD5

    73578dbfcec0b67c49f7d53f6c7230e9

  • SHA1

    04472b632bc767a0bcd930eed8e24a6b057d4941

  • SHA256

    1b2a9fa6e6890199bb70dce2035d8f599f2af4505bef8e05def2954f6a5ce376

  • SHA512

    a619d97b032bffe1834093064648fe83905ac894cd295c0aba7d3ed47f36790f6d20cd99249fb7e4ec4a0e445292a70b8274e76e3aa1458659ab211917c729d4

  • SSDEEP

    3072:8JxnEscvD02nTv3ofSKoC221OnB+sDHpU+oIpWelTwp5b+4+rl08kKUGtX:+nEXVTvev22143e+vRwHb+Frl08hUU

Malware Config

Extracted

Family

lokibot

C2

http://youthwinger.com/let/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      73578dbfcec0b67c49f7d53f6c7230e9_JaffaCakes118

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Accesses Microsoft Outlook profiles
