Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585

  • Size

    240KB

  • Sample

    220127-ab4khscddr

  • MD5

    bda013087a8132ffc38bf59af9362f50

  • SHA1

    5217d721e45a3bb2a7606ce81fcf17d33aa806a6

  • SHA256

    20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585

  • SHA512

    a6557e218b99b8576d9601d99d1c3844eef14f624b488e90ae5bbf5491f596af758c70590df4c8dc2a54abe8073001efc54235c39309d65c12bed152ff5b629e

Score
10/10
smokeloaderbackdoorevasionpersistencesuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://oakland-studio.video/search.php

https://seattle-university.video/search.php
rc4.i32
rc4.i32

Targets

    • Target

      20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585

    • Size

      240KB

    • MD5

      bda013087a8132ffc38bf59af9362f50

    • SHA1

      5217d721e45a3bb2a7606ce81fcf17d33aa806a6

    • SHA256

      20bce27320334129950e98b7e60d3b55ba86e94174ff8316fc48fe03b8c43585

    • SHA512

      a6557e218b99b8576d9601d99d1c3844eef14f624b488e90ae5bbf5491f596af758c70590df4c8dc2a54abe8073001efc54235c39309d65c12bed152ff5b629e

    Score
    10/10
    smokeloaderbackdoorevasionpersistencesuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Sets service image path in registry

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks