Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e57b333b6656132ec903d5b028dd95dc432486a32216b8c393c0cfe72647490b

  • Size

    232KB

  • Sample

    211202-cdsl5saabp

  • MD5

    0e314e38d19179ead2e608867588bc50

  • SHA1

    e76f626f2898fdef4008fcaa961175767a5b03c2

  • SHA256

    e57b333b6656132ec903d5b028dd95dc432486a32216b8c393c0cfe72647490b

  • SHA512

    a1d5fb57e5594c45b6433048055ae4205f0795b95f759fef1cf8179134600b45bd33ae205db2cb8c4addb1fe5360522527169818a7549a8519e5ff2ba301dea8

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php
rc4.i32
rc4.i32

Targets

    • Target

      e57b333b6656132ec903d5b028dd95dc432486a32216b8c393c0cfe72647490b

    • Size

      232KB

    • MD5

      0e314e38d19179ead2e608867588bc50

    • SHA1

      e76f626f2898fdef4008fcaa961175767a5b03c2

    • SHA256

      e57b333b6656132ec903d5b028dd95dc432486a32216b8c393c0cfe72647490b

    • SHA512

      a1d5fb57e5594c45b6433048055ae4205f0795b95f759fef1cf8179134600b45bd33ae205db2cb8c4addb1fe5360522527169818a7549a8519e5ff2ba301dea8

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks