Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bcfb4be98000417c511d1a3ac412bd2440d13f84353a2c96a99ac8d50afcb9b

  • Size

    146KB

  • Sample

    221127-jj2wbsea6x

  • MD5

    d2011ed8320e1d4a6336246e7148c060

  • SHA1

    d396242b8e9978f7dda69becd59a6d35aa9da5e4

  • SHA256

    4bcfb4be98000417c511d1a3ac412bd2440d13f84353a2c96a99ac8d50afcb9b

  • SHA512

    0c7c1e3603725bbd541ef30ac3c3bf7435737dd139079862fc904cd3a33471689afa8521535390be1586cdcd80f3c51381097f9360098ac9e76a4fc8f5ec3b6e

  • SSDEEP

    3072:qxVNKV0rwQIQ29B5UWrLB6aVNkvq7Kp1ZxFPp:E2Q2jh6aVOvq7KlxB

Score
10/10
amadeysmokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      4bcfb4be98000417c511d1a3ac412bd2440d13f84353a2c96a99ac8d50afcb9b

    • Size

      146KB

    • MD5

      d2011ed8320e1d4a6336246e7148c060

    • SHA1

      d396242b8e9978f7dda69becd59a6d35aa9da5e4

    • SHA256

      4bcfb4be98000417c511d1a3ac412bd2440d13f84353a2c96a99ac8d50afcb9b

    • SHA512

      0c7c1e3603725bbd541ef30ac3c3bf7435737dd139079862fc904cd3a33471689afa8521535390be1586cdcd80f3c51381097f9360098ac9e76a4fc8f5ec3b6e

    • SSDEEP

      3072:qxVNKV0rwQIQ29B5UWrLB6aVNkvq7Kp1ZxFPp:E2Q2jh6aVOvq7KlxB

    Score
    10/10
    amadeysmokeloaderbackdoortrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks