Overview

overview

10

Static

static

dridex

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7567f86def3dc8084c7109194fb9f6507fd2aa690750b0c686309977bd6d28bd

  • Size

    305KB

  • Sample

    220522-a1cs4aebh5

  • MD5

    f31faec182e68366e6e95e2711f44f9f

  • SHA1

    f8edb35e8f3dae879e27f47a0c0f18da265da9e8

  • SHA256

    7567f86def3dc8084c7109194fb9f6507fd2aa690750b0c686309977bd6d28bd

  • SHA512

    850d162c5b5bd06e50ffa14c29af84bcdd598a18dfd2ab3d4411fab6bf138e58720c3360d97efae03b9b613694de07c386b3385496b89a248051983cff0009b9

Score
10/10
smokeloaderbackdoorcollectionevasionsuricatatrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

https://ny-city-mall.com/search.php

https://fresh-cars.net/search.php
rc4.i32
rc4.i32

Targets

    • Target

      7567f86def3dc8084c7109194fb9f6507fd2aa690750b0c686309977bd6d28bd

    • Size

      305KB

    • MD5

      f31faec182e68366e6e95e2711f44f9f

    • SHA1

      f8edb35e8f3dae879e27f47a0c0f18da265da9e8

    • SHA256

      7567f86def3dc8084c7109194fb9f6507fd2aa690750b0c686309977bd6d28bd

    • SHA512

      850d162c5b5bd06e50ffa14c29af84bcdd598a18dfd2ab3d4411fab6bf138e58720c3360d97efae03b9b613694de07c386b3385496b89a248051983cff0009b9

    Score
    10/10
    smokeloaderbackdoorcollectionevasionsuricatatrojan

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows dir Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata: ET MALWARE Windows route Microsoft Windows DOS prompt command exit OUTBOUND

      suricata

    • Modifies Windows Firewall

      evasion

    • Deletes itself

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Process Discovery

1
T1057

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks