Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    160s
  • max time network
    173s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    02/10/2022, 13:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2.exe

  • Size

    133KB

  • MD5

    e874a1fe90698daeb8d0faa9d3b92027

  • SHA1

    aa6ce148e834043cf6d2bed8e4e1bfc7e7e8a01c

  • SHA256

    d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2

  • SHA512

    fabbd04a0b85831fa5ed7ff00a30cec4c7b6735e166a8fdc6f81ed3299ee5bfcf51b0efe9e517b296e45ee119c7b7c241a0a9f962631f9a19a4bfdf5e8fdece5

  • SSDEEP

    3072:IHzVnRR7Zh7zeOe8uH/096mxoJQEXnLBS:u7DzeKuH89XQB3LB

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2.exe
    "C:\Users\Admin\AppData\Local\Temp\d0ed763ee108686d8b358f89a65c45ee932755a3b2ceabb55282e2618e90aba2.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4056

Network

  • flag-us
    DNS
    gayworld.at
    Remote address:
    8.8.8.8:53
    Request
    gayworld.at
    IN A
    Response
    gayworld.at
    IN A
    175.119.10.231
    gayworld.at
    IN A
    175.126.109.15
    gayworld.at
    IN A
    37.34.248.24
    gayworld.at
    IN A
    211.119.84.111
    gayworld.at
    IN A
    222.236.49.123
    gayworld.at
    IN A
    195.158.3.162
    gayworld.at
    IN A
    31.166.74.154
    gayworld.at
    IN A
    58.235.189.192
    gayworld.at
    IN A
    222.236.49.124
    gayworld.at
    IN A
    175.120.254.9
  • 20.189.173.15:443
    322 B
     7
  • 175.119.10.231:80
    gayworld.at
    156 B
     3
  • 175.126.109.15:80
    gayworld.at
    156 B
     3
  • 37.34.248.24:80
    gayworld.at
    156 B
     3
  • 211.119.84.111:80
    gayworld.at
    156 B
     3
  • 222.236.49.123:80
    gayworld.at
    156 B
     3
  • 195.158.3.162:80
    gayworld.at
    156 B
     3
  • 8.8.8.8:53
    gayworld.at
    dns
    57 B
     217 B
     1
    1

    DNS Request

    gayworld.at

    DNS Response

    175.119.10.231
    175.126.109.15
    37.34.248.24
    211.119.84.111
    222.236.49.123
    195.158.3.162
    31.166.74.154
    58.235.189.192
    222.236.49.124
    175.120.254.9

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4056-118-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-119-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-120-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-121-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-122-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-123-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-124-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-125-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-126-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-127-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-128-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-129-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-130-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-131-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-132-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-133-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-134-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-135-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-136-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-137-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-138-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-139-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-140-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-141-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-142-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-143-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-144-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-145-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-146-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-149-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-148-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-147-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-150-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-151-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4056-154-0x0000000000400000-0x000000000057E000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/4056-153-0x00000000006E0000-0x00000000006E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/4056-152-0x000000000081A000-0x000000000082A000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4056-155-0x0000000000400000-0x000000000057E000-memory.dmp

    Filesize

    1.5MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.