Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6d1fbcf9929c353518f99d8ed9c842edff49dd94c52798c849d9b65ff756d0f

  • Size

    719KB

  • Sample

    220217-m3rq9abac3

  • MD5

    4a8e35c7190f769742bb51ce111e34c8

  • SHA1

    6d996f0fb3ee86a617ce7c47e489235336129453

  • SHA256

    e6d1fbcf9929c353518f99d8ed9c842edff49dd94c52798c849d9b65ff756d0f

  • SHA512

    a095d430916548a0ba6b67d093c751db41750ac40e183cf3b6eca8e665dbf57acf48698d43fb355bc1e9f29508fcc7c92c419429b126a75a3551caf0b8df8604

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gd3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      e6d1fbcf9929c353518f99d8ed9c842edff49dd94c52798c849d9b65ff756d0f

    • Size

      719KB

    • MD5

      4a8e35c7190f769742bb51ce111e34c8

    • SHA1

      6d996f0fb3ee86a617ce7c47e489235336129453

    • SHA256

      e6d1fbcf9929c353518f99d8ed9c842edff49dd94c52798c849d9b65ff756d0f

    • SHA512

      a095d430916548a0ba6b67d093c751db41750ac40e183cf3b6eca8e665dbf57acf48698d43fb355bc1e9f29508fcc7c92c419429b126a75a3551caf0b8df8604

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks