Overview

overview

10

Static

static

3

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    64c59b9bd4ef36c9917f79a1cb0ae377739e2a980ddb6984599dc2b7c4af3016

  • Size

    540KB

  • Sample

    230718-prb8jaab46

  • MD5

    f3fca96a7b2dbbd19c62c9a798e4ddb0

  • SHA1

    28d84cdada0af9f41cb2aa2817ba3d5c220795fa

  • SHA256

    64c59b9bd4ef36c9917f79a1cb0ae377739e2a980ddb6984599dc2b7c4af3016

  • SHA512

    fbba6d1e7ffe231429291d1a70a8f210afa887dc33d4d4d3310ac08e56410f7a27e647dd496993054910afcb07f9e009ef997400532b598600bbabb608815e0d

  • SSDEEP

    12288:qmAY2kcdbL4Ef5WXHLSIDsHit9SGVKuGgeEeNf:zN6GEf5qSIDsCtkGguRTA

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.60/official/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      64c59b9bd4ef36c9917f79a1cb0ae377739e2a980ddb6984599dc2b7c4af3016

    • Size

      540KB

    • MD5

      f3fca96a7b2dbbd19c62c9a798e4ddb0

    • SHA1

      28d84cdada0af9f41cb2aa2817ba3d5c220795fa

    • SHA256

      64c59b9bd4ef36c9917f79a1cb0ae377739e2a980ddb6984599dc2b7c4af3016

    • SHA512

      fbba6d1e7ffe231429291d1a70a8f210afa887dc33d4d4d3310ac08e56410f7a27e647dd496993054910afcb07f9e009ef997400532b598600bbabb608815e0d

    • SSDEEP

      12288:qmAY2kcdbL4Ef5WXHLSIDsHit9SGVKuGgeEeNf:zN6GEf5qSIDsCtkGguRTA

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks