General

  • Target

    7699f94c9a81881b343ad99683317b66a1fb7d2db1491931d2cff3942f4ba15a

  • Size

    250KB

  • Sample

    220120-n4k6jahgh4

  • MD5

    3b66b8cd79c7fd52b55f2277f9774dc3

  • SHA1

    60a701a879c7dc4dd8408140c31bfff807229529

  • SHA256

    7699f94c9a81881b343ad99683317b66a1fb7d2db1491931d2cff3942f4ba15a

  • SHA512

    ea2dba94dd59a5538c6c07c8168571fb51cf8ba4e05e93d01bf69703712d9e2686b6aa418eb369f9107c1263ad605bda2cb33f0ed4f2217e5eb6a503c4f8f292

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

rc4.i32
rc4.i32

Extracted

Family

asyncrat (reported as a VenomRAT build; VenomRAT is an AsyncRAT-derived fork, so the extractor files it under the asyncrat family)

Version

VenomRAT_HVNC 5.0.4

Botnet

Venom Clients

C2

127.0.0.1:4449 (loopback: a builder placeholder left in the config, unreachable from a victim host and not a usable network IOC)

91.92.136.123:4449

Mutex

Venom_RAT_Mutex_Venom_RAT

Attributes
  • anti_vm

    false

  • bsod

    false

  • delay

    0

  • install

    false (the RAT's own install routine is disabled, so install_folder below is unused by this build)

  • install_folder

    %AppData%

  • pastebin_config

    null

aes.plain
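The two extracted configs above are the network IOCs for this sample. The following Python is an added example, not part of the sandbox report: it turns the C2 entries into a hostname set and a socket set, drops the loopback placeholder from the RAT config rather than alerting on it, and sweeps constructed proxy and flow log lines for matches. The log formats, the client addresses and the non-C2 destinations are invented for the example; only the C2 values come from the report.

```python
"""Network IOCs from the extracted SmokeLoader and AsyncRAT/VenomRAT configs
in this report, swept over constructed proxy and flow log lines.

Added example for the report page; not part of the sandbox output.
The log lines below are constructed for the example."""
import ipaddress
import re
from urllib.parse import urlparse

# C2 values copied from the "Malware Config" section of the report.
SMOKELOADER_C2 = [
    "http://abpa.at/upload/",
    "http://emaratghajari.com/upload/",
    "http://d7qw.cn/upload/",
    "http://alumik-group.ru/upload/",
    "http://zamkikurgan.ru/upload/",
]
ASYNCRAT_C2 = ["127.0.0.1:4449", "91.92.136.123:4449"]


def build_iocs():
    """Return hosts (SmokeLoader), host:port sockets (RAT) and skipped entries.

    Loopback and RFC 1918 addresses in a RAT config are builder placeholders,
    not reachable C2, so they are recorded as skipped instead of alerted on."""
    hosts, sockets, skipped = set(), set(), []
    for url in SMOKELOADER_C2:
        hosts.add(urlparse(url).hostname.lower())
    for entry in ASYNCRAT_C2:
        host, port = entry.rsplit(":", 1)
        try:
            ip = ipaddress.ip_address(host)
            if ip.is_loopback or ip.is_private:
                skipped.append(entry)
                continue
        except ValueError:
            pass  # a hostname rather than an IP literal: keep it
        sockets.add((host.lower(), int(port)))
    return {"hosts": hosts, "sockets": sockets, "skipped": skipped}


# Constructed proxy log: timestamp client method url status
PROXY_LOG = """\
2022-01-20T10:01:02Z 10.0.0.15 POST http://abpa.at/upload/ 200
2022-01-20T10:01:09Z 10.0.0.15 GET http://update.example.org/x.exe 200
2022-01-20T10:02:33Z 10.0.0.22 POST http://emaratghajari.com/upload/ 404
2022-01-20T10:02:40Z 10.0.0.22 GET http://abpa.at.example.net/ 200
"""

# Constructed flow log: timestamp src -> dst:port proto
FLOW_LOG = """\
2022-01-20T10:03:00Z 10.0.0.15 -> 91.92.136.123:4449 tcp
2022-01-20T10:03:05Z 10.0.0.15 -> 127.0.0.1:4449 tcp
2022-01-20T10:04:10Z 10.0.0.31 -> 93.184.216.34:443 tcp
"""

FLOW_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+) (\w+)$")


def sweep_proxy(log, iocs):
    """Match proxy requests on the exact C2 hostname (not a substring, so
    abpa.at.example.net does not fire). SmokeLoader beacons POST to .../upload/;
    the method is kept in the hit so a GET to the same host is still visible."""
    hits = []
    for line in log.splitlines():
        ts, client, method, url, status = line.split()
        host = (urlparse(url).hostname or "").lower()
        if host in iocs["hosts"]:
            hits.append({"family": "smokeloader", "ts": ts, "client": client,
                         "method": method, "url": url, "status": status})
    return hits


def sweep_flows(log, iocs):
    """Match flows on destination ip:port against the RAT C2 sockets."""
    hits = []
    for line in log.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        ts, src, dst, port, proto = m.groups()
        if (dst.lower(), int(port)) in iocs["sockets"]:
            hits.append({"family": "asyncrat/venomrat", "ts": ts, "src": src,
                         "dst": f"{dst}:{port}", "proto": proto})
    return hits


if __name__ == "__main__":
    iocs = build_iocs()
    print("skipped placeholder C2:", iocs["skipped"])
    for hit in sweep_proxy(PROXY_LOG, iocs) + sweep_flows(FLOW_LOG, iocs):
        print(hit)
```

Matching on the parsed hostname rather than on the raw URL string matters for the SmokeLoader entries: the loader's beacon path is the same `/upload/` on every host, and a naive substring match on `abpa.at` would also fire on unrelated domains that merely contain it.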

Targets

    • Target

      7699f94c9a81881b343ad99683317b66a1fb7d2db1491931d2cff3942f4ba15a

    • Size

      250KB

    • MD5

      3b66b8cd79c7fd52b55f2277f9774dc3

    • SHA1

      60a701a879c7dc4dd8408140c31bfff807229529

    • SHA256

      7699f94c9a81881b343ad99683317b66a1fb7d2db1491931d2cff3942f4ba15a

    • SHA512

      ea2dba94dd59a5538c6c07c8168571fb51cf8ba4e05e93d01bf69703712d9e2686b6aa418eb369f9107c1263ad605bda2cb33f0ed4f2217e5eb6a503c4f8f292

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself (the sample removes its own file from disk)

    • Adds Run key to start application (persistence via a CurrentVersion\Run value)

    • Suspicious use of SetThreadContext (the API used to point a suspended thread at injected code; characteristic of process hollowing)

MITRE ATT&CK Matrix ATT&CK v6

  Tactic            Technique                            Count  ID
  Persistence       Registry Run Keys / Startup Folder   1      T1060
  Defense Evasion   Modify Registry                      1      T1112
  Discovery         System Information Discovery         2      T1082
  Discovery         Query Registry                       1      T1012
  Discovery         Peripheral Device Discovery          1      T1120
  Discovery         Remote System Discovery              1      T1018

  IDs follow ATT&CK v6. In current ATT&CK, T1060 is T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); the other five keep their IDs.

Tasks