Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875

  • Size

    304KB

  • Sample

    220521-emzsxshed5

  • MD5

    3389771eff608690e050c776301d665e

  • SHA1

    01576a97bad2bcac37d82b7841a3b605d696ac1e

  • SHA256

    8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875

  • SHA512

    b6714d49081f0acf659d4ee1648f38b4cab8c0efd4ce9bed459533ad29078bc07f1999daa8731a2bd87182871fe1b31fa2230290b8d083b729fad70522c0ef27

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://ny-city-mall.com/search.php

https://fresh-cars.net/search.php
rc4.i32
rc4.i32

Targets

    • Target

      8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875

    • Size

      304KB

    • MD5

      3389771eff608690e050c776301d665e

    • SHA1

      01576a97bad2bcac37d82b7841a3b605d696ac1e

    • SHA256

      8e36946a4142852379da8cac26d307248a61568b2d7c047e76b780b23f652875

    • SHA512

      b6714d49081f0acf659d4ee1648f38b4cab8c0efd4ce9bed459533ad29078bc07f1999daa8731a2bd87182871fe1b31fa2230290b8d083b729fad70522c0ef27

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Enterprise v6

Tasks