Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eff07cb30352c6543c550b7f18a89ec37cc93be95d39bdf221b9f2ea406c43de

  • Size

    317KB

  • Sample

    220125-mlbnpsebck

  • MD5

    472eacd7defd1c34c915ad009096d8f8

  • SHA1

    06474dab2c7f216fdf5a9a39d75e28a86365ae77

  • SHA256

    eff07cb30352c6543c550b7f18a89ec37cc93be95d39bdf221b9f2ea406c43de

  • SHA512

    cdd307667457b0080aeadf314e45fc82a20508c4fc9430c679579fc3ec58b9578701f8125e12e3004a13bd6b18f2cb67459c053c56f258639960307579a97951

Score
10/10
smokeloaderbackdoorcollectionevasiontrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/
rc4.i32
rc4.i32

Targets

    • Target

      eff07cb30352c6543c550b7f18a89ec37cc93be95d39bdf221b9f2ea406c43de

    • Size

      317KB

    • MD5

      472eacd7defd1c34c915ad009096d8f8

    • SHA1

      06474dab2c7f216fdf5a9a39d75e28a86365ae77

    • SHA256

      eff07cb30352c6543c550b7f18a89ec37cc93be95d39bdf221b9f2ea406c43de

    • SHA512

      cdd307667457b0080aeadf314e45fc82a20508c4fc9430c679579fc3ec58b9578701f8125e12e3004a13bd6b18f2cb67459c053c56f258639960307579a97951

    Score
    10/10
    smokeloaderbackdoorcollectionevasiontrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks