Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca2a87b0664849a8f35d69cabebb190ca348c84db69196c9a3da45952bc16905

  • Size

    260KB

  • Sample

    220131-frlbrsgad3

  • MD5

    1e7c6b3a5cbc9bca9af96ac238da074c

  • SHA1

    5bd24027dd1ac9ab9ea786bdf02cc157661dbb76

  • SHA256

    ca2a87b0664849a8f35d69cabebb190ca348c84db69196c9a3da45952bc16905

  • SHA512

    c4901a69bb8d8705e50a6b820bbd8266768e409f7501684dd4377e869d1fb395b290addeac288809cf4c9fb4429c0143f30531a78f078d43130f5ab1c41dcd75

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gc14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ca2a87b0664849a8f35d69cabebb190ca348c84db69196c9a3da45952bc16905

    • Size

      260KB

    • MD5

      1e7c6b3a5cbc9bca9af96ac238da074c

    • SHA1

      5bd24027dd1ac9ab9ea786bdf02cc157661dbb76

    • SHA256

      ca2a87b0664849a8f35d69cabebb190ca348c84db69196c9a3da45952bc16905

    • SHA512

      c4901a69bb8d8705e50a6b820bbd8266768e409f7501684dd4377e869d1fb395b290addeac288809cf4c9fb4429c0143f30531a78f078d43130f5ab1c41dcd75

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks