Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

  • Size

    611KB

  • Sample

    230127-ke3shabd9v

  • MD5

    0c802d4ef37a0ba9232605f48d0e07b3

  • SHA1

    b8b7afcd7a2f389afcac5c0c3fda472f1fe76290

  • SHA256

    376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

  • SHA512

    b41a109acc1b13f508f0980b068676208bd5ee92ff3b0e17044e7c0d0042ec2e1fca2ba6896461b1cf8b8e05e096718f1f7de726c425b95400396af0f8e367a7

  • SSDEEP

    12288:RY/BFjCfuXdm4S4w1gzs48VUiHUqF/a82lv4b+uze+RjaXsaNCD5bAMI:CXYwAVr0y/a8mAmFra

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

    • Size

      611KB

    • MD5

      0c802d4ef37a0ba9232605f48d0e07b3

    • SHA1

      b8b7afcd7a2f389afcac5c0c3fda472f1fe76290

    • SHA256

      376b4b5c353b5bc460e6197d9bbea4728f8d5e2d3481f2fce574cedbe6b0de54

    • SHA512

      b41a109acc1b13f508f0980b068676208bd5ee92ff3b0e17044e7c0d0042ec2e1fca2ba6896461b1cf8b8e05e096718f1f7de726c425b95400396af0f8e367a7

    • SSDEEP

      12288:RY/BFjCfuXdm4S4w1gzs48VUiHUqF/a82lv4b+uze+RjaXsaNCD5bAMI:CXYwAVr0y/a8mAmFra

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks