Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7eb4d64a7d16f78d7cc76d68a709cb08a3b78cfa865ef19aa6a16a78183f850f

  • Size

    145KB

  • Sample

    221006-cywvasgbd5

  • MD5

    4102ef39f1a8cf2fea949454582cf44e

  • SHA1

    07bc1d5d7e7ce2cd5fab221cddf2f5ddea26ba9c

  • SHA256

    7eb4d64a7d16f78d7cc76d68a709cb08a3b78cfa865ef19aa6a16a78183f850f

  • SHA512

    30b622e67fa0e1674b27e6d2d2fe3951a25f2d3283ba860deede7437e32419cd73d55e2d2a9977e58844a0588ddd0ec6b16d147c0dadb92a36f0e358981487c2

  • SSDEEP

    3072:kbZY1phfezV6ieQ+a6tD8xlFdUkIuGptO:cmK5Ahs1yPt

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      7eb4d64a7d16f78d7cc76d68a709cb08a3b78cfa865ef19aa6a16a78183f850f

    • Size

      145KB

    • MD5

      4102ef39f1a8cf2fea949454582cf44e

    • SHA1

      07bc1d5d7e7ce2cd5fab221cddf2f5ddea26ba9c

    • SHA256

      7eb4d64a7d16f78d7cc76d68a709cb08a3b78cfa865ef19aa6a16a78183f850f

    • SHA512

      30b622e67fa0e1674b27e6d2d2fe3951a25f2d3283ba860deede7437e32419cd73d55e2d2a9977e58844a0588ddd0ec6b16d147c0dadb92a36f0e358981487c2

    • SSDEEP

      3072:kbZY1phfezV6ieQ+a6tD8xlFdUkIuGptO:cmK5Ahs1yPt

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks