Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422

  • Size

    334KB

  • Sample

    220126-n8gnxache9

  • MD5

    a7055a234da95ac729201f384482b135

  • SHA1

    c0c843d8a1f05265e846db8ad67a6417c11f73dc

  • SHA256

    ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422

  • SHA512

    b97a4167afedc3aef605155f8d30acdb1bbf41ec0d926de895e6f60655b273d6ee2ea596bf01ad39c376375b99e35c1b3be475d4faa7fe37e20a01ad5619f437

Score
10/10
smokeloaderbackdoorcollectionevasiontrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://abpa.at/upload/

http://emaratghajari.com/upload/

http://d7qw.cn/upload/

http://alumik-group.ru/upload/

http://zamkikurgan.ru/upload/

https://oakland-studio.video/search.php

https://seattle-university.video/search.php
rc4.i32
rc4.i32
rc4.i32
rc4.i32

Targets

    • Target

      ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422

    • Size

      334KB

    • MD5

      a7055a234da95ac729201f384482b135

    • SHA1

      c0c843d8a1f05265e846db8ad67a6417c11f73dc

    • SHA256

      ec3b7904889b13ad6e6e91afc91ff8e96140afa73f982cc0b3cd070a97f39422

    • SHA512

      b97a4167afedc3aef605155f8d30acdb1bbf41ec0d926de895e6f60655b273d6ee2ea596bf01ad39c376375b99e35c1b3be475d4faa7fe37e20a01ad5619f437

    Score
    10/10
    smokeloaderbackdoorcollectionevasiontrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks