Overview

overview

10

Static

static

dridex

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c83a0fb4a16ec894dfdd130326ac19639c02822e21cfe9bcac55f5799e473cf

  • Size

    240KB

  • Sample

    220127-lfdensaebl

  • MD5

    e244b430a10e36a1edb485b18f4f3101

  • SHA1

    28af9160889bcfed64edb46a5b3949a02bed287d

  • SHA256

    4c83a0fb4a16ec894dfdd130326ac19639c02822e21cfe9bcac55f5799e473cf

  • SHA512

    74a4a2e4bdab6e156f8b9bf49b049ba66588b734f82deb515c7a178a3d4bebde72d39b0d24cdba4a12b0d23585c92e378e2f3c078d802d49b49456450a9af0fe

Score
10/10
smokeloaderbackdoorpersistencetrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-data-coin-11.com/

http://file-coin-host-12.com/
rc4.i32
rc4.i32

Targets

    • Target

      4c83a0fb4a16ec894dfdd130326ac19639c02822e21cfe9bcac55f5799e473cf

    • Size

      240KB

    • MD5

      e244b430a10e36a1edb485b18f4f3101

    • SHA1

      28af9160889bcfed64edb46a5b3949a02bed287d

    • SHA256

      4c83a0fb4a16ec894dfdd130326ac19639c02822e21cfe9bcac55f5799e473cf

    • SHA512

      74a4a2e4bdab6e156f8b9bf49b049ba66588b734f82deb515c7a178a3d4bebde72d39b0d24cdba4a12b0d23585c92e378e2f3c078d802d49b49456450a9af0fe

    Score
    10/10
    smokeloaderbackdoorpersistencetrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks