Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f171c9db2d59a3fd6e40651aea1dfe80dd8cc610e8e496c387c5192d950ce202

  • Size

    318KB

  • Sample

    211201-wt84lsefhp

  • MD5

    2143ff7503e7337ff9f0abdae6c3468e

  • SHA1

    32aa2fb93420b27e3470c62898fa47bea6a4d606

  • SHA256

    f171c9db2d59a3fd6e40651aea1dfe80dd8cc610e8e496c387c5192d950ce202

  • SHA512

    a86c7b5b41aa7a2fdcc41c95e2ff11bab53e31c35f9a6051e82b5998c7300e69d14fc46967447592153cc138edac07aea3b8288b61c28b02db439a8387989137

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php
rc4.i32
rc4.i32

Targets

    • Target

      f171c9db2d59a3fd6e40651aea1dfe80dd8cc610e8e496c387c5192d950ce202

    • Size

      318KB

    • MD5

      2143ff7503e7337ff9f0abdae6c3468e

    • SHA1

      32aa2fb93420b27e3470c62898fa47bea6a4d606

    • SHA256

      f171c9db2d59a3fd6e40651aea1dfe80dd8cc610e8e496c387c5192d950ce202

    • SHA512

      a86c7b5b41aa7a2fdcc41c95e2ff11bab53e31c35f9a6051e82b5998c7300e69d14fc46967447592153cc138edac07aea3b8288b61c28b02db439a8387989137

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks