Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a9debade8c695bd6094e7c48aae7dac597422d14a9feda9a729355c20954c0a

  • Size

    207KB

  • Sample

    211202-z7vpxscadr

  • MD5

    45bf57203a4ff9b9d978daa434a113a3

  • SHA1

    09cf50fe8a3346a81352bf6d3463fbf84147e120

  • SHA256

    4a9debade8c695bd6094e7c48aae7dac597422d14a9feda9a729355c20954c0a

  • SHA512

    29559ba5362753bff8a86463ff51830b7c8e7bf7b95a4f1bc6661f12c094c4cfacb3313ee65d7a5f9da3a71971d00721984815beb6c2f4cb9b59411216720c57

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php
rc4.i32
rc4.i32

Targets

    • Target

      4a9debade8c695bd6094e7c48aae7dac597422d14a9feda9a729355c20954c0a

    • Size

      207KB

    • MD5

      45bf57203a4ff9b9d978daa434a113a3

    • SHA1

      09cf50fe8a3346a81352bf6d3463fbf84147e120

    • SHA256

      4a9debade8c695bd6094e7c48aae7dac597422d14a9feda9a729355c20954c0a

    • SHA512

      29559ba5362753bff8a86463ff51830b7c8e7bf7b95a4f1bc6661f12c094c4cfacb3313ee65d7a5f9da3a71971d00721984815beb6c2f4cb9b59411216720c57

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks