General

  • Target

    28815400993d7fc9ffd14560291d2a9441effad98ffcd722b7501bf95c44d436

  • Size

    260KB

  • Sample

    221029-ts7haaeffm

  • MD5

    51e0c286d021486c952d497dcc78fe87

  • SHA1

    13ff8a56db4a6445505f35015b50727d163e4592

  • SHA256

    28815400993d7fc9ffd14560291d2a9441effad98ffcd722b7501bf95c44d436

  • SHA512

    7bf579bda867425a63e0c51ac33b5925f3cfc570f8b25888063c11314b1fedf54a9c3ae2a2d9812963a1b4eaa6396e38d6e7d56fa6e6c66c5bf388dfcf969d9b

  • SSDEEP

    3072:4Z/ExBRK6SILh2MA/q5h9fNAcEKmy722YwiZV7EYUB7wz4Qj/KO1pM/h3s:dxBsPILAMpf+bODQ4d724QrKK

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks