Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    73a6100eaa8300bd7adf9fa67eed914ef1e31f543cad2c6aafd5010b590f2ba3

  • Size

    722KB

  • Sample

    230201-bbcx8sdb3y

  • MD5

    bb7abdc1adcd9b80507f30a6236911d4

  • SHA1

    9c54856199a5fd8d5d1328a01da59419aac6e46d

  • SHA256

    73a6100eaa8300bd7adf9fa67eed914ef1e31f543cad2c6aafd5010b590f2ba3

  • SHA512

    6ad277dcea5117e91926d9439ae95686d409c6e0fd88eb7af5e15e723eac0f5cc5847a0ebe6eb45bf5cafe54be745ae2abc631108b20773d2b851560e7982d3d

  • SSDEEP

    12288:we9acr8m2wpsCNwLI6gBYDJEP4aH9i7+pvxc4N34o:we9acr8FhC689YDOgOw6Rxc4N34

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      73a6100eaa8300bd7adf9fa67eed914ef1e31f543cad2c6aafd5010b590f2ba3

    • Size

      722KB

    • MD5

      bb7abdc1adcd9b80507f30a6236911d4

    • SHA1

      9c54856199a5fd8d5d1328a01da59419aac6e46d

    • SHA256

      73a6100eaa8300bd7adf9fa67eed914ef1e31f543cad2c6aafd5010b590f2ba3

    • SHA512

      6ad277dcea5117e91926d9439ae95686d409c6e0fd88eb7af5e15e723eac0f5cc5847a0ebe6eb45bf5cafe54be745ae2abc631108b20773d2b851560e7982d3d

    • SSDEEP

      12288:we9acr8m2wpsCNwLI6gBYDJEP4aH9i7+pvxc4N34o:we9acr8FhC689YDOgOw6Rxc4N34

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks