Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5f9a09271a50978fbe49763e8cb281930e5df2ab2aa87b94f02f4f97d95e8a4

  • Size

    139KB

  • Sample

    221130-bkpy6aec53

  • MD5

    892e33553e7bb81db9cf7a6f6c903a4a

  • SHA1

    c7b0ec940666b9bf794f044b1213be5c8eaef745

  • SHA256

    e5f9a09271a50978fbe49763e8cb281930e5df2ab2aa87b94f02f4f97d95e8a4

  • SHA512

    f4c10e45cf4c479bd7e888bfc5e8d4166d5efa6174b85abae992a5009ab7370b950bf9453449685c50cc36a5ac554630a138a95e7dcea2d35f2f9888f94c9a1f

  • SSDEEP

    3072:JTiOr52hks5b6h9wp0PQ0C63KQ8SHjUX5GnOn:89Z6h9y0Cm1HjUX5Hn

Score
10/10
smokeloaderbackdoortrojan

Malware Config

Targets

    • Target

      e5f9a09271a50978fbe49763e8cb281930e5df2ab2aa87b94f02f4f97d95e8a4

    • Size

      139KB

    • MD5

      892e33553e7bb81db9cf7a6f6c903a4a

    • SHA1

      c7b0ec940666b9bf794f044b1213be5c8eaef745

    • SHA256

      e5f9a09271a50978fbe49763e8cb281930e5df2ab2aa87b94f02f4f97d95e8a4

    • SHA512

      f4c10e45cf4c479bd7e888bfc5e8d4166d5efa6174b85abae992a5009ab7370b950bf9453449685c50cc36a5ac554630a138a95e7dcea2d35f2f9888f94c9a1f

    • SSDEEP

      3072:JTiOr52hks5b6h9wp0PQ0C63KQ8SHjUX5GnOn:89Z6h9y0Cm1HjUX5Hn

    Score
    10/10
    smokeloaderbackdoortrojan

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks