Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    51646be768aa2ba3c5b919593f31171f32a247f08e164987bd4a4479d97454ca

  • Size

    546KB

  • Sample

    220706-b44lnahcc7

  • MD5

    55cd077e34718e6dd5321ba23c2b0ce0

  • SHA1

    4f3eaf328eacbb6b624fc8db2e0ceb87aebf980e

  • SHA256

    51646be768aa2ba3c5b919593f31171f32a247f08e164987bd4a4479d97454ca

  • SHA512

    84fc76e8f1e072a32dd7abe414439513d515b9ee20c0ad235ad2fe28629bdf66164ddf913ed0641f9dbc834f8dde5b01bb0f19656d014ca8719ca19d32d9b96e

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://37.0.11.227/rostov1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

http://�����������Ѝ������Й���Й��я��

Targets

    • Target

      51646be768aa2ba3c5b919593f31171f32a247f08e164987bd4a4479d97454ca

    • Size

      546KB

    • MD5

      55cd077e34718e6dd5321ba23c2b0ce0

    • SHA1

      4f3eaf328eacbb6b624fc8db2e0ceb87aebf980e

    • SHA256

      51646be768aa2ba3c5b919593f31171f32a247f08e164987bd4a4479d97454ca

    • SHA512

      84fc76e8f1e072a32dd7abe414439513d515b9ee20c0ad235ad2fe28629bdf66164ddf913ed0641f9dbc834f8dde5b01bb0f19656d014ca8719ca19d32d9b96e

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Fake 404 Response

      suricata: ET MALWARE LokiBot Fake 404 Response

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks