Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec8a4e3b7eb63b8a8761f2d492b111c10411f0926112e8042d87228a1188cf3f

  • Size

    334KB

  • Sample

    220126-k5j33sbef2

  • MD5

    cc32dfc122e50ec2f6526e573ff91876

  • SHA1

    361f0aed607c8f6c6a650429f5a30780ce6a1629

  • SHA256

    ec8a4e3b7eb63b8a8761f2d492b111c10411f0926112e8042d87228a1188cf3f

  • SHA512

    f02328b9e27a5c050ffbb2e22ccecce53ed124951db7d68040c1447751e794f1cef11c3cb2c071a54297a1d37aaef3df2575045fca770123e2dfa911e89ee655

Score
10/10
smokeloaderbackdoorevasionpersistencetrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Targets

    • Target

      ec8a4e3b7eb63b8a8761f2d492b111c10411f0926112e8042d87228a1188cf3f

    • Size

      334KB

    • MD5

      cc32dfc122e50ec2f6526e573ff91876

    • SHA1

      361f0aed607c8f6c6a650429f5a30780ce6a1629

    • SHA256

      ec8a4e3b7eb63b8a8761f2d492b111c10411f0926112e8042d87228a1188cf3f

    • SHA512

      f02328b9e27a5c050ffbb2e22ccecce53ed124951db7d68040c1447751e794f1cef11c3cb2c071a54297a1d37aaef3df2575045fca770123e2dfa911e89ee655

    Score
    10/10
    smokeloaderbackdoorevasionpersistencetrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks