General

  • Target

    f29b9318b3be3c7017d20e72e0e7f060d77d8de05de7982203a9ef7275de8d89

  • Size

    326KB

  • Sample

    211222-qymhhsgbhr

  • MD5

    98f68f3fd92f13094b4341600a31d136

  • SHA1

    85d39680e430390ceae1e1da3b9134df669c5d2d

  • SHA256

    f29b9318b3be3c7017d20e72e0e7f060d77d8de05de7982203a9ef7275de8d89

  • SHA512

    68da4b80456c40dc307b5a69140716a22ee770f24dcbbbcc9dec6b5e1447cb1fe50a79e9d3974a98e8c7fc578dafeb51df46ac4e9d43be001268180d5c74f227

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://rcacademy.at/upload/

http://e-lanpengeonline.com/upload/

http://vjcmvz.cn/upload/

http://galala.ru/upload/

http://witra.ru/upload/

rc4.i32
rc4.i32

Extracted

Family

systembc

C2

185.70.184.41:4001
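The extracted configuration above is the part of this report a responder actually acts on: five SmokeLoader check-in URLs (all on the `/upload/` path) and one SystemBC address:port, plus the file hashes in the General section. The following Python is an added example, not part of the sandbox report or of either malware family's code. It turns those indicators into a sweep over proxy and flow records and into Suricata rules. The proxy-log and flow-record formats, the sample log lines and the rule SIDs are constructed for illustration; the real sample's bytes are not available here, so the hash check is exercised against a dummy payload.

```python
"""IOC sweep for the SmokeLoader / SystemBC sample in this report (added example)."""
import hashlib
from urllib.parse import urlparse

# --- Indicators copied from the report above --------------------------------
SAMPLE_SHA256 = "f29b9318b3be3c7017d20e72e0e7f060d77d8de05de7982203a9ef7275de8d89"
SAMPLE_MD5 = "98f68f3fd92f13094b4341600a31d136"
SMOKELOADER_C2 = [
    "http://rcacademy.at/upload/",
    "http://e-lanpengeonline.com/upload/",
    "http://vjcmvz.cn/upload/",
    "http://galala.ru/upload/",
    "http://witra.ru/upload/",
]
SYSTEMBC_C2 = ("185.70.184.41", 4001)

# urlparse().hostname is already lower-cased, so comparisons are case-insensitive.
SMOKELOADER_HOSTS = {urlparse(u).hostname for u in SMOKELOADER_C2}


def classify_url(url):
    """Return 'smokeloader' if url is a known C2 check-in URL, else None.

    Match on hostname plus the /upload/ path prefix: query strings and
    upper-case hostnames still hit, a different path on the same host does not.
    """
    p = urlparse(url)
    if p.hostname in SMOKELOADER_HOSTS and p.path.startswith("/upload/"):
        return "smokeloader"
    return None


def scan_proxy_log(lines):
    """Return [(client_ip, url)] for lines whose URL is a SmokeLoader C2.

    Constructed line format for this example: "ts client method url status".
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed records rather than crash the sweep
        client, url = parts[1], parts[3]
        if classify_url(url):
            hits.append((client, url))
    return hits


def scan_flows(lines):
    """Return sorted client IPs with a TCP flow to the SystemBC C2 ip:port.

    Constructed line format for this example: "src,sport,dst,dport,proto".
    """
    ip, port = SYSTEMBC_C2
    clients = set()
    for line in lines:
        f = line.split(",")
        if len(f) == 5 and f[2] == ip and f[3] == str(port) and f[4].lower() == "tcp":
            clients.add(f[0])
    return sorted(clients)


def hash_matches(data):
    """True only if both the MD5 and SHA256 of data equal the report's values."""
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha256(data).hexdigest() == SAMPLE_SHA256)


def suricata_rules(start_sid=9000001):
    """Emit Suricata rules (5.x sticky-buffer syntax) for the extracted C2s.

    start_sid is a hypothetical local SID range; pick one that is free in your ruleset.
    """
    rules, sid = [], start_sid
    for host in sorted(SMOKELOADER_HOSTS):
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"SmokeLoader C2 check-in to {host}"; flow:established,to_server; '
            f'http.host; content:"{host}"; http.uri; content:"/upload/"; startswith; '
            f'sid:{sid}; rev:1;)')
        sid += 1
    ip, port = SYSTEMBC_C2
    rules.append(
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"SystemBC C2 connection"; flow:to_server; sid:{sid}; rev:1;)')
    return rules


# --- Constructed sample records (not real traffic) ---------------------------
PROXY_LOG = [
    "1640000001 10.0.0.5 POST http://rcacademy.at/upload/ 200",
    "1640000002 10.0.0.5 GET http://rcacademy.at/favicon.ico 404",  # same host, other path: no hit
    "1640000003 10.0.0.9 POST http://WITRA.RU/upload/?x=1 200",     # upper-case host + query: hit
    "1640000004 10.0.0.7 GET http://example.org/upload/ 200",        # path only, unknown host: no hit
]
FLOWS = [
    "10.0.0.5,49211,185.70.184.41,4001,tcp",
    "10.0.0.7,49300,185.70.184.41,443,tcp",  # same IP, other port: no hit
    "10.0.0.9,40000,185.70.184.41,4001,udp",  # right port, wrong protocol: no hit
]

if __name__ == "__main__":
    for client, url in scan_proxy_log(PROXY_LOG):
        print(f"SmokeLoader check-in: {client} -> {url}")
    for client in scan_flows(FLOWS):
        print(f"SystemBC C2 flow from {client}")
    print("\n".join(suricata_rules()))
```

The sweep deliberately keys on hostname plus path prefix rather than the full URL string, because SmokeLoader's `/upload/` check-ins show up in proxy logs with varying query strings and hostname casing; a host-only match would also over-alert on unrelated content hosted on a compromised domain. The SystemBC rule is port-specific on purpose, since the report gives a single ip:port pair and nothing more.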

Targets

    • Target

      f29b9318b3be3c7017d20e72e0e7f060d77d8de05de7982203a9ef7275de8d89

    • Size

      326KB

    • MD5

      98f68f3fd92f13094b4341600a31d136

    • SHA1

      85d39680e430390ceae1e1da3b9134df669c5d2d

    • SHA256

      f29b9318b3be3c7017d20e72e0e7f060d77d8de05de7982203a9ef7275de8d89

    • SHA512

      68da4b80456c40dc307b5a69140716a22ee770f24dcbbbcc9dec6b5e1447cb1fe50a79e9d3974a98e8c7fc578dafeb51df46ac4e9d43be001268180d5c74f227

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Enterprise v6

Tasks