General

  • Target

    861cdf989a96190939df8f34a2dd3704a14529e51a42b067bf6815d53352eb7f

  • Size

    209KB

  • Sample

    221101-e45eqsgae2

  • MD5

    7926391003b01152d1336849a984a08e

  • SHA1

    a0ebce5a2f02bb1277918ac9e430513d50e2bf16

  • SHA256

    861cdf989a96190939df8f34a2dd3704a14529e51a42b067bf6815d53352eb7f

  • SHA512

    48337f2ce552120573b704af83d9f269b6c7e0da0f27e01bad147da149d42d28aaa12e08288399b559dcb237e97b089f5112509886463c46524cae3d04a34d48

  • SSDEEP

    3072:AkTw15g6T8GZs6ULOx9hJ655/54a2Bym6cioCQam4YdZqMFVmSx:AkM1VT/Zs9LMhJlxkmfcUZZFVmS

Malware Config

Targets

    • Target

      861cdf989a96190939df8f34a2dd3704a14529e51a42b067bf6815d53352eb7f

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

Queries the country/locale code stored in the registry, most likely as a geofence check before continuing.

    • Loads dropped DLL
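
The behavioural signatures listed above are the sandbox's labels; the report does not show how they are evaluated. The block below is an added example, not the sandbox's own code, that re-implements four of them (the registry locale lookup, the MZ/PE download check, execution of a dropped EXE and loading of a dropped DLL) and runs them over a constructed event trace. The registry keys and value names used for the "location settings" check, the event dictionary shape, and the paths and URL in the trace are all assumptions made for illustration.

```python
import struct

# Registry locations Windows uses for the user's locale/country settings. This
# is an assumed set for the example, not the sandbox's actual signature list.
LOCALE_KEYS = (
    r"HKEY_CURRENT_USER\Control Panel\International",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Language",
)
LOCALE_VALUES = {"locale", "localename", "scountry", "icountry", "default", "installlanguage"}


def is_mz_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # An out-of-range e_lfanew yields an empty slice and therefore False.
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def build_pe_stub() -> bytes:
    """Constructed minimal MZ/PE byte string (not a real executable) for the sample trace."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    return bytes(dos) + b"PE\0\0" + b"\0" * 0x20


def evaluate(events):
    """Map a sequence of sandbox events to the names of the signatures they trigger."""
    hits = set()
    dropped = set()  # paths written by a monitored process, lower-cased for comparison
    for ev in events:
        kind = ev["type"]
        if kind == "regquery":
            key = ev["key"].lower()
            if any(key.startswith(k.lower()) for k in LOCALE_KEYS) and ev["value"].lower() in LOCALE_VALUES:
                hits.add("Checks computer location settings")
        elif kind == "net_recv":
            if is_mz_pe(ev["data"]):
                hits.add("Downloads MZ/PE file")
        elif kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "proc_create":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "load_dll":
            if ev["path"].lower() in dropped:
                hits.add("Loads dropped DLL")
    return hits


# Constructed event trace in the shape of the behaviour the report lists (hypothetical paths/URL).
SAMPLE_EVENTS = [
    {"type": "regquery", "pid": 1, "key": r"HKEY_CURRENT_USER\Control Panel\International", "value": "LocaleName"},
    {"type": "net_recv", "pid": 1, "url": "http://example.invalid/payload.bin", "data": build_pe_stub()},
    {"type": "file_write", "pid": 1, "path": r"C:\Users\user\AppData\Local\Temp\update.exe"},
    {"type": "proc_create", "ppid": 1, "image": r"C:\Users\user\AppData\Local\Temp\UPDATE.EXE"},
    {"type": "file_write", "pid": 2, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "load_dll", "pid": 2, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "net_recv", "pid": 1, "url": "http://example.invalid/config", "data": b'{"c2": "..."}'},
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_EVENTS)):
        print(name)
```

The MZ/PE check follows e_lfanew rather than scanning for the string "PE", so a non-PE response that merely contains those bytes does not trigger it, and a truncated or malformed header falls through to False instead of raising. Path comparisons are case-insensitive because NTFS paths are, which is why the upper-cased UPDATE.EXE still counts as the dropped file.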

MITRE ATT&CK Enterprise v6

Tasks