Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    d12315f2722d80d261f0879ddd7800d897a350d69235a926ffbff5992bb8c50a

  • Size

    122KB

  • Sample

    221030-v7mxvscah4

  • MD5

    3659039a266284440355fbbc2f55550f

  • SHA1

    fb970b9132a91ea5eb79b7e77c9c30c438b4023f

  • SHA256

    d12315f2722d80d261f0879ddd7800d897a350d69235a926ffbff5992bb8c50a

  • SHA512

    5e18c3f265d1b5f303263ba2234cfcc3d44089b550f2cca5c4abe49e5bfb32c2dc5951f80c0f505460ff4d3118b2c6e29ea0988b4a9535ff6a41eba8b708ab23

  • SSDEEP

    3072:qUJoFfWzzl+cSM4jPN485i1fgV919wfBMspL5S2Jp:qweEpsPN48CgVpweaL02D

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.162/drostov/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d12315f2722d80d261f0879ddd7800d897a350d69235a926ffbff5992bb8c50a

    • Size

      122KB

    • MD5

      3659039a266284440355fbbc2f55550f

    • SHA1

      fb970b9132a91ea5eb79b7e77c9c30c438b4023f

    • SHA256

      d12315f2722d80d261f0879ddd7800d897a350d69235a926ffbff5992bb8c50a

    • SHA512

      5e18c3f265d1b5f303263ba2234cfcc3d44089b550f2cca5c4abe49e5bfb32c2dc5951f80c0f505460ff4d3118b2c6e29ea0988b4a9535ff6a41eba8b708ab23

    • SSDEEP

      3072:qUJoFfWzzl+cSM4jPN485i1fgV919wfBMspL5S2Jp:qweEpsPN48CgVpweaL02D

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks