Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6ff62169824c40354932fd738f8ef29389486bdbd62ff2e277a65cad7b6cbf17

  • Size

    317KB

  • Sample

    220125-zqdp3sfac9

  • MD5

    7b2b9f625b16b277c67f5b567aa47b13

  • SHA1

    cc66eaa9615e3eb1c3726bcb693557ad17b3eedc

  • SHA256

    6ff62169824c40354932fd738f8ef29389486bdbd62ff2e277a65cad7b6cbf17

  • SHA512

    88aa5ee7cef3d905aa9f4c22f7864e6c3622d627a6c526ff01e48fe8f2e0cccce92a060520bf17cfc163e72cc81bd16fb07039417354d954bc3c7f9cf364106c

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/
rc4.i32
rc4.i32

Targets

    • Target

      6ff62169824c40354932fd738f8ef29389486bdbd62ff2e277a65cad7b6cbf17

    • Size

      317KB

    • MD5

      7b2b9f625b16b277c67f5b567aa47b13

    • SHA1

      cc66eaa9615e3eb1c3726bcb693557ad17b3eedc

    • SHA256

      6ff62169824c40354932fd738f8ef29389486bdbd62ff2e277a65cad7b6cbf17

    • SHA512

      88aa5ee7cef3d905aa9f4c22f7864e6c3622d627a6c526ff01e48fe8f2e0cccce92a060520bf17cfc163e72cc81bd16fb07039417354d954bc3c7f9cf364106c

    Score
    10/10
    smokeloaderbackdoortrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks