Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6c0d41d60eb643f44c2be0fc57727d2778dd8fb4beb219822cc4b125f47230c1

  • Size

    167KB

  • Sample

    221125-vh525sfa3y

  • MD5

    1a0a136c94b2e23aa2a596002a02853d

  • SHA1

    6b714445a95d93bf023b4aa9f8355c9a13be9fb7

  • SHA256

    6c0d41d60eb643f44c2be0fc57727d2778dd8fb4beb219822cc4b125f47230c1

  • SHA512

    cf6a72c4416a591c15a2049bf4d8e92e0e3981a8a74759574f7d75b6b13587258458a08738e943b64614a9ea71c1e0c162e939dd9eef31380a0f356cdcb48986

  • SSDEEP

    3072:+7EFp+q/mqVPVw5HpejV02SS8ny8HCayekGViDDElp:zoCmqVP+ejbSbbCayek7M

Score
10/10
djvusmokeloaderbackdoorransomwaretrojan

Malware Config

Targets

    • Target

      6c0d41d60eb643f44c2be0fc57727d2778dd8fb4beb219822cc4b125f47230c1

    • Size

      167KB

    • MD5

      1a0a136c94b2e23aa2a596002a02853d

    • SHA1

      6b714445a95d93bf023b4aa9f8355c9a13be9fb7

    • SHA256

      6c0d41d60eb643f44c2be0fc57727d2778dd8fb4beb219822cc4b125f47230c1

    • SHA512

      cf6a72c4416a591c15a2049bf4d8e92e0e3981a8a74759574f7d75b6b13587258458a08738e943b64614a9ea71c1e0c162e939dd9eef31380a0f356cdcb48986

    • SSDEEP

      3072:+7EFp+q/mqVPVw5HpejV02SS8ny8HCayekGViDDElp:zoCmqVP+ejbSbbCayek7M

    Score
    10/10
    djvusmokeloaderbackdoorransomwaretrojan

    • Detected Djvu ransomware

    • Detects Smokeloader packer

    • Djvu Ransomware

      Ransomware which is a variant of the STOP family.

      ransomwaredjvu

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks