Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e725c67da9332069ff55a6f336b32670f10271fce93792ce2429034563dedf39

  • Size

    314KB

  • Sample

    211201-me9bdsbdep

  • MD5

    66438652a0e772c04907ba931365c911

  • SHA1

    85929839d6f66fd3a4ee6536765c731f3015c7a7

  • SHA256

    e725c67da9332069ff55a6f336b32670f10271fce93792ce2429034563dedf39

  • SHA512

    94bf5aa01e9ae446adc51075134277bf1f3e5c343f7d36051fb926f3788f384c1c752d45eb27f5a88694f3dfaffde74dcb139d71b7769747af55d06c15b512cb

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php
rc4.i32
rc4.i32

Targets

    • Target

      e725c67da9332069ff55a6f336b32670f10271fce93792ce2429034563dedf39

    • Size

      314KB

    • MD5

      66438652a0e772c04907ba931365c911

    • SHA1

      85929839d6f66fd3a4ee6536765c731f3015c7a7

    • SHA256

      e725c67da9332069ff55a6f336b32670f10271fce93792ce2429034563dedf39

    • SHA512

      94bf5aa01e9ae446adc51075134277bf1f3e5c343f7d36051fb926f3788f384c1c752d45eb27f5a88694f3dfaffde74dcb139d71b7769747af55d06c15b512cb

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks