General

  • Target

    9ff9576a8de660d3d0e00849e4c1420e_JaffaCakes118

  • Size

    799KB

  • Sample

    240612-j1cmrsvhjk

  • MD5

    9ff9576a8de660d3d0e00849e4c1420e

  • SHA1

    cd7bf7e3ab9d574aac00cd7dad84e9e35107fa41

  • SHA256

    635eb4e1771275f8e76ecbea800495c2cfe4cd888f5d0118d3e0b4f5d629898b

  • SHA512

    5e796e033db228b472cf110b83fc03377a0a34ea4e532224e4da1537558f7a49330a3e29c9f4c86385e862d44c28c57a40c907582dc92502bcb3d5dd17dd30c1

  • SSDEEP

    24576:+EN973phvt8tmUdkw1x3b1hUTSnIFVyAVq:+EN973PvEL2w37UTSIT1

Malware Config

Extracted

Family

lokibot

C2

http://89.46.222.77/MaX/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
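
The five C2 URLs above are the most directly actionable part of this report. The following is an added example (not part of the Triage report and not Lokibot code) that turns the extracted config into a proxy-log sweep: exact host matches are hard hits, subdomains of a listed domain are treated as the same actor-controlled zone, and the panel path on an unlisted host is flagged as a weak indicator only. The log lines and the simple "epoch client method url status" layout are constructed for the demo; the URLs are the ones listed in the config.

```python
"""IOC sweep over proxy logs using the C2 list extracted from this sample.

Added example; it is not part of the Triage report and not Lokibot code.
The C2 URLs are the five the report lists. The log lines and the
"<epoch> <client> <method> <url> <status>" layout are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's config (from the report).
C2_URLS = [
    "http://89.46.222.77/MaX/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def c2_hosts(urls=C2_URLS):
    """Hosts (IPs and domains) the config points at, lower-cased."""
    return {urlparse(u).hostname.lower() for u in urls}


def c2_paths(urls=C2_URLS):
    """URL paths the config uses; weaker indicators on their own."""
    return {urlparse(u).path for u in urls}


def _is_ipv4(host):
    parts = host.split(".")
    return len(parts) == 4 and all(p.isdigit() for p in parts)


# Constructed proxy log lines (not real traffic).
SAMPLE_LOG = """\
1718180000.123 10.0.0.5 POST http://kbfvzoboss.bid/alien/fre.php 200
1718180001.456 10.0.0.7 GET http://example.com/index.html 200
1718180002.789 10.0.0.5 POST http://89.46.222.77/MaX/fre.php 404
1718180003.001 10.0.0.9 POST http://cdn.alphastand.top/alien/fre.php 200
1718180004.002 10.0.0.9 POST http://ALPHASTAND.TOP/alien/fre.php 200
1718180005.003 10.0.0.3 POST http://198.51.100.4/alien/fre.php 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)\s*$"
)


def classify(url, hosts, paths):
    """Return a reason string for a C2 match, or None if the URL is clean."""
    p = urlparse(url)
    host = (p.hostname or "").lower()
    path_hit = p.path in paths
    if host in hosts:
        return "c2_host+path" if path_hit else "c2_host"
    # Subdomains of a listed domain count as hits (same actor-controlled zone);
    # never apply this to the bare IP, which has no subdomains.
    if any(host.endswith("." + h) for h in hosts if not _is_ipv4(h)):
        return "c2_subdomain+path" if path_hit else "c2_subdomain"
    if path_hit:
        # Same panel path on an unlisted host: worth a look, not a verdict.
        return "c2_path_only"
    return None


def match_log(log_text, urls=C2_URLS):
    """Scan log lines and return one hit dict per line that touches the C2 set."""
    hosts, paths = c2_hosts(urls), c2_paths(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real tool would count these
        reason = classify(m["url"], hosts, paths)
        if reason:
            hits.append({"client": m["client"], "url": m["url"], "reason": reason})
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG):
        print(f"{hit['client']:<10} {hit['reason']:<20} {hit['url']}")
```

Host matching is case-insensitive and the IP entry is excluded from the subdomain rule; the `c2_path_only` bucket exists because `fre.php` panels get re-hosted, so a path hit on a fresh host is a lead for pivoting, not a confirmed infection.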

Targets

    • Target

      9ff9576a8de660d3d0e00849e4c1420e_JaffaCakes118

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials and cookies.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

    • Accesses Microsoft Outlook profiles

    • AutoIT Executable

      An AutoIt script compiled into a PE executable (interpreter stub with the script embedded).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state; legitimate code rarely needs it, while process hollowing and similar injection techniques use it to point a suspended thread at injected code.
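
The "UPX packed file" signature above and the hash list under General are the two things an analyst checks first on a sample like this. The following added example (not part of the Triage report and not the sandbox's signature logic) parses a PE section table and gives a verdict: stock UPX is recognised by its UPX0/UPX1/UPX2 section names, and a modified UPX build that renamed its sections is caught by the layout instead (an executable, writable section with no raw data but a large virtual size, the unpack destination, immediately followed by a section that carries the compressed image). It also recomputes MD5/SHA1/SHA256 and reports which ones differ from the report. The three PE images are constructed in memory (headers and section table only) so the check runs offline; they are not the sample.

```python
"""Section-table check for UPX packing, plus hash verification against the report.

Added example; not part of the Triage report and not the sandbox's own
signature logic. The three PE images below are constructed in memory
(headers and section table only, no code) so the check runs offline.
"""
import hashlib
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def pe_sections(data):
    """Parse the section table of a PE image into a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                    # section table follows the optional header
    sections = []
    for i in range(nsections):
        (name, vsize, _vaddr, rawsize, _rawptr, _, _, _, _, chars) = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + i * 40)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "rawsize": rawsize, "chars": chars})
    return sections


def upx_verdict(sections):
    """'upx' for stock section names, 'upx-like' for the renamed layout, else 'none'."""
    if any(s["name"].startswith("UPX") for s in sections):
        return "upx"  # stock UPX names its sections UPX0/UPX1/UPX2
    # Modified UPX builds rename sections, so fall back on the layout: an
    # executable+writable section with no raw data but a large virtual size
    # (the unpack destination) directly before a section that does carry data.
    for dest, src in zip(sections, sections[1:]):
        rwx = dest["chars"] & IMAGE_SCN_MEM_EXECUTE and dest["chars"] & IMAGE_SCN_MEM_WRITE
        if rwx and dest["rawsize"] == 0 and dest["vsize"] >= 0x1000 and src["rawsize"] > 0:
            return "upx-like"
    return "none"


# Hashes as listed in the report for this sample (SSDEEP needs the ssdeep
# library and is not recomputed here).
REPORT_HASHES = {
    "md5": "9ff9576a8de660d3d0e00849e4c1420e",
    "sha1": "cd7bf7e3ab9d574aac00cd7dad84e9e35107fa41",
    "sha256": "635eb4e1771275f8e76ecbea800495c2cfe4cd888f5d0118d3e0b4f5d629898b",
}


def hash_mismatches(data, expected=REPORT_HASHES):
    """Names of the algorithms whose digest of `data` differs from `expected`."""
    return [alg for alg, hexd in expected.items()
            if hashlib.new(alg, data).hexdigest() != hexd.lower()]


# --- constructed test images (not the real sample) ---------------------------
def _section(name, vsize, rawsize, chars):
    return struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000,
                       rawsize, 0x400 if rawsize else 0, 0, 0, 0, 0, chars)


def build_pe(sections):
    """Minimal PE: DOS header, PE signature, COFF header, zeroed PE32 optional header, sections."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> right after the DOS header
    opt = b"\x0b\x01" + bytes(222)                  # PE32 magic; only its size matters here
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + opt + b"".join(sections)


RWX = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE | 0x40000000 | 0x00000020
STOCK_UPX = build_pe([_section(b"UPX0", 0x20000, 0, RWX),
                      _section(b"UPX1", 0x8000, 0x7A00, RWX),
                      _section(b".rsrc", 0x1000, 0x400, 0x40000040)])
RENAMED_UPX = build_pe([_section(b".text", 0x20000, 0, RWX),
                        _section(b".data", 0x8000, 0x7A00, RWX)])
PLAIN = build_pe([_section(b".text", 0x5000, 0x5000, 0x60000020),
                  _section(b".data", 0x1000, 0x400, 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, upx_verdict(pe_sections(img)), hash_mismatches(img))
```

The layout heuristic is deliberately loose: any packer that reserves an empty RWX destination section before its payload will score "upx-like", which is the behaviour you want from a triage check but not from a definitive classifier. On the real sample, `hash_mismatches(open(path, "rb").read())` returning an empty list confirms you are looking at the same bytes the report describes before any unpacking is attempted.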
