Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d97de9ff3962ab65737018f8bf4ba9d2baa143f1b9217d119db2cafbaa2a2570

  • Size

    171KB

  • Sample

    211215-pcslzaader

  • MD5

    595911ab63d7ce2dea26ed3e9aa427df

  • SHA1

    841da4a7454d379274e231eefaf9428c298804dc

  • SHA256

    d97de9ff3962ab65737018f8bf4ba9d2baa143f1b9217d119db2cafbaa2a2570

  • SHA512

    b20c6ece4fc7b08c84642eb4377a8f494ba15ac2c8ff6454f111a9c489d1249ee9d0e5967a3a8408b12edac6324f1d92b72adfe8530746d3b8f6e8656017ba13

Score
10/10
icedidredlinesmokeloader3372020928backdoorbankercollectioninfostealersuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/

http://srtuiyhuali.at/

http://fufuiloirtu.com/

http://amogohuigotuli.at/

http://novohudosovu.com/

http://brutuilionust.com/

http://bubushkalioua.com/

http://dumuilistrati.at/

http://verboliatsiaeeees.com/
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Extracted

Family

icedid

Campaign

3372020928

C2

jeliskvosh.com

Targets

    • Target

      d97de9ff3962ab65737018f8bf4ba9d2baa143f1b9217d119db2cafbaa2a2570

    • Size

      171KB

    • MD5

      595911ab63d7ce2dea26ed3e9aa427df

    • SHA1

      841da4a7454d379274e231eefaf9428c298804dc

    • SHA256

      d97de9ff3962ab65737018f8bf4ba9d2baa143f1b9217d119db2cafbaa2a2570

    • SHA512

      b20c6ece4fc7b08c84642eb4377a8f494ba15ac2c8ff6454f111a9c489d1249ee9d0e5967a3a8408b12edac6324f1d92b72adfe8530746d3b8f6e8656017ba13

    Score
    10/10
    icedidredlinesmokeloader3372020928backdoorbankercollectioninfostealersuricatatrojan

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

      trojanbankericedid

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata: ET MALWARE Win32/IcedID Request Cookie

      suricata

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks