Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e4f0bfdf674b98dc75b4ae56f5a3cf399097248b62c4a7bc3d0de0244c9cfb50

  • Size

    214KB

  • Sample

    211014-g3gcmagcg6

  • MD5

    4bdd68f6755ce33ab489a8e818fbe740

  • SHA1

    5c0f9f882f2137d468da01b2a1a20e4cc7bc6264

  • SHA256

    e4f0bfdf674b98dc75b4ae56f5a3cf399097248b62c4a7bc3d0de0244c9cfb50

  • SHA512

    58043b92bba6de7eae03955d844ae4d01ab57a1fe624a481763d835d2bb6351620e92b9c9261d4d0d15690634e0feaaf4362f0a201db1a06898dfb34d08e68e4

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://honawey7.xyz/

http://wijibui0.xyz/

http://hefahei6.xyz/

http://pipevai4.xyz/

http://nalirou7.xyz/

http://xacokuo8.xyz/

http://hajezey1.xyz/

http://gejajoo7.xyz/

http://sysaheu9.xyz/

http://rixoxeu9.xyz/
rc4.i32
rc4.i32

Targets

    • Target

      e4f0bfdf674b98dc75b4ae56f5a3cf399097248b62c4a7bc3d0de0244c9cfb50

    • Size

      214KB

    • MD5

      4bdd68f6755ce33ab489a8e818fbe740

    • SHA1

      5c0f9f882f2137d468da01b2a1a20e4cc7bc6264

    • SHA256

      e4f0bfdf674b98dc75b4ae56f5a3cf399097248b62c4a7bc3d0de0244c9cfb50

    • SHA512

      58043b92bba6de7eae03955d844ae4d01ab57a1fe624a481763d835d2bb6351620e92b9c9261d4d0d15690634e0feaaf4362f0a201db1a06898dfb34d08e68e4

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks