Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    62s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    15-10-2022 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db7ebed9bebb7b6c2518444fdd81d167cf296e8e9676455e09586b08c04f9c2f.exe

  • Size

    214KB

  • MD5

    97fe1accb9d7fe5e6e434d116934b173

  • SHA1

    2a63de161c4efc33619e64072006377b63b2fa34

  • SHA256

    db7ebed9bebb7b6c2518444fdd81d167cf296e8e9676455e09586b08c04f9c2f

  • SHA512

    e79dbfee55623db3a3bb605f21214540e281c696776aff66caafddd0e038096fc05c6ec8de8f0e0ef5b6e5b298c7483bb8d54ad063dafac4510e1d935b96c53c

  • SSDEEP

    3072:rRQXpkIWLmFOag5k4RRl5EJYugG/Z+7bATjwdOCDQo0KEkWxN0f:1EILmF34L+ljwQCEo0LkWxs

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Signatures

  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db7ebed9bebb7b6c2518444fdd81d167cf296e8e9676455e09586b08c04f9c2f.exe
    "C:\Users\Admin\AppData\Local\Temp\db7ebed9bebb7b6c2518444fdd81d167cf296e8e9676455e09586b08c04f9c2f.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2164
  • C:\Users\Admin\AppData\Roaming\rtbdatv
    C:\Users\Admin\AppData\Roaming\rtbdatv
    1⤵
    • Executes dropped EXE
    • Checks SCSI registry key(s)
    • Suspicious behavior: MapViewOfSection
    PID:4476

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\rtbdatv
    Filesize

    214KB

    MD5

    97fe1accb9d7fe5e6e434d116934b173

    SHA1

    2a63de161c4efc33619e64072006377b63b2fa34

    SHA256

    db7ebed9bebb7b6c2518444fdd81d167cf296e8e9676455e09586b08c04f9c2f

    SHA512

    e79dbfee55623db3a3bb605f21214540e281c696776aff66caafddd0e038096fc05c6ec8de8f0e0ef5b6e5b298c7483bb8d54ad063dafac4510e1d935b96c53c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\rtbdatv
    Filesize

    214KB

    MD5

    97fe1accb9d7fe5e6e434d116934b173

    SHA1

    2a63de161c4efc33619e64072006377b63b2fa34

    SHA256

    db7ebed9bebb7b6c2518444fdd81d167cf296e8e9676455e09586b08c04f9c2f

    SHA512

    e79dbfee55623db3a3bb605f21214540e281c696776aff66caafddd0e038096fc05c6ec8de8f0e0ef5b6e5b298c7483bb8d54ad063dafac4510e1d935b96c53c

    Download Submit

  • memory/2164-120-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-121-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-122-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-123-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-124-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-125-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-126-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-127-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-128-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-129-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-131-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-130-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-132-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-133-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-134-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-135-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-136-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-137-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-138-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-139-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-140-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-141-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-142-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-143-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-145-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-146-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-147-0x0000000000440000-0x00000000004EE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/2164-148-0x0000000002020000-0x0000000002029000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2164-149-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-150-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-151-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-152-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-153-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-154-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-155-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-156-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2164-157-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2164-158-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4476-160-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-161-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-162-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-163-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-164-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-165-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-166-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-168-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-170-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-172-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-175-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-178-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-183-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-184-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-182-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-181-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-180-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-179-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-177-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-176-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-174-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-173-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-171-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-169-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-186-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-187-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-188-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-189-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-191-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-190-0x00000000776E0000-0x000000007786E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4476-196-0x0000000000520000-0x000000000066A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4476-197-0x0000000000520000-0x000000000066A000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/4476-198-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/4476-199-0x0000000000400000-0x000000000043A000-memory.dmp

    Filesize

    232KB

    Download