General

  • Target: a580bc202a2e9e18e6bd085df9da1964eb3633173f89354bcedfdc9ca9dce1b2
  • Size: 201KB
  • Sample: 210906-rl99gsedbp
  • MD5: 5a909793a4635ba799c30e086e812cc5
  • SHA1: 3edceb6afd1b5c5dd113d5738224c805ec6312d9
  • SHA256: a580bc202a2e9e18e6bd085df9da1964eb3633173f89354bcedfdc9ca9dce1b2
  • SHA512: 137015867766e1b1897b8c1251311c1c2accd2f265397f1015ac3906da9cb9ab1c1d3b02a2eb63647c9fd181401b5a229f63440f95dfec802446e08575e0cf58

Malware Config

Extracted

  • Family: smokeloader
  • Version: 2020
  • C2:

rc4.i32

Extracted

  • Family: redline
  • Botnet: newnew
  • C2: 185.167.97.37:30904

Extracted

  • Family: vidar
  • Version: 40.4
  • Botnet: 936
  • C2: https://romkaxarit.tumblr.com/
  • Attributes: profile_id = 936

Extracted

  • Family: raccoon
  • Botnet: fe582536ec580228180f270f7cb80a867860e010
  • Attributes: url4cnc = https://telete.in/xylichanjk

rc4.plain

Extracted

  • Family: vidar
  • Version: 40.4
  • Botnet: 1002
  • C2: https://romkaxarit.tumblr.com/
  • Attributes: profile_id = 1002

Extracted

  • Family: vidar
  • Version: 40.4
  • Botnet: 973
  • C2: https://romkaxarit.tumblr.com/
  • Attributes: profile_id = 973

Extracted

  • Family: redline
  • Botnet: binance
  • C2: 212.86.102.139:32600

Extracted

  • Family: redline
  • Botnet: Ruzki1
  • C2: 54.38.136.110:27734

Extracted

  • Family: redline
  • Botnet: 05.09
  • C2: 95.181.163.157:15089

Extracted

  • Family: redline
  • Botnet: NORMAN3
  • C2: 45.14.49.184:28743

Targets

MITRE ATT&CK Matrix ATT&CK v6

Persistence
  • New Service (1): T1050
  • Modify Existing Service (1): T1031

Privilege Escalation
  • New Service (1): T1050

Discovery
  • System Information Discovery (2): T1082
  • Query Registry (1): T1012
  • Peripheral Device Discovery (1): T1120

Tasks