Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    beda527ef244adc7a6f5f3d89cb4d5ed6d425f3d27af76f1bdbcf40b02353756

  • Size

    145KB

  • Sample

    221006-ewse7sgegr

  • MD5

    cac5b18ee16415a14168d5e69a450175

  • SHA1

    d075fb8a14419f2d2c48b7773bf58e13cc885826

  • SHA256

    beda527ef244adc7a6f5f3d89cb4d5ed6d425f3d27af76f1bdbcf40b02353756

  • SHA512

    281b84ba9a8db084ec48e8fac2dababb5be65f98a160647da5d817166a82d8cd38328e16990977e45c5864d6b3bd1a665a0b487717b8b2aaf2a2a73049a05d09

  • SSDEEP

    1536:jtV6HXw/ucLyr/j++3DBbf3oTK1PfEnSy6tnH5jQRH/ugrKk8Xepfpr8ogMO/Ip0:jtV6AG++db/oTQfEnyHt+ft8Gf9OiYO

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      beda527ef244adc7a6f5f3d89cb4d5ed6d425f3d27af76f1bdbcf40b02353756

    • Size

      145KB

    • MD5

      cac5b18ee16415a14168d5e69a450175

    • SHA1

      d075fb8a14419f2d2c48b7773bf58e13cc885826

    • SHA256

      beda527ef244adc7a6f5f3d89cb4d5ed6d425f3d27af76f1bdbcf40b02353756

    • SHA512

      281b84ba9a8db084ec48e8fac2dababb5be65f98a160647da5d817166a82d8cd38328e16990977e45c5864d6b3bd1a665a0b487717b8b2aaf2a2a73049a05d09

    • SSDEEP

      1536:jtV6HXw/ucLyr/j++3DBbf3oTK1PfEnSy6tnH5jQRH/ugrKk8Xepfpr8ogMO/Ip0:jtV6AG++db/oTQfEnyHt+ft8Gf9OiYO

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks