Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5ad48231e5def1441f9b00eb7f4b2f6194b80f56f870e6f6294ac2db4fe88c40

  • Size

    317KB

  • Sample

    211203-tql4kahack

  • MD5

    278cca9a474723dace18ce014ff119e0

  • SHA1

    f8b832626aa9e9e98097d83b2b95b20c5056a64c

  • SHA256

    5ad48231e5def1441f9b00eb7f4b2f6194b80f56f870e6f6294ac2db4fe88c40

  • SHA512

    80a17b6feebc9a37ed84d56bdbc1f0d2bc8463581c6be170c404dc369a925b774be146f9291d992aa95595423cca6e8af60c5d04a6e4dea0706982bbdaa4f959

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://cinems.club/search.php

https://clothes.surf/search.php
rc4.i32
rc4.i32

Targets

    • Target

      5ad48231e5def1441f9b00eb7f4b2f6194b80f56f870e6f6294ac2db4fe88c40

    • Size

      317KB

    • MD5

      278cca9a474723dace18ce014ff119e0

    • SHA1

      f8b832626aa9e9e98097d83b2b95b20c5056a64c

    • SHA256

      5ad48231e5def1441f9b00eb7f4b2f6194b80f56f870e6f6294ac2db4fe88c40

    • SHA512

      80a17b6feebc9a37ed84d56bdbc1f0d2bc8463581c6be170c404dc369a925b774be146f9291d992aa95595423cca6e8af60c5d04a6e4dea0706982bbdaa4f959

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks