General

  • Target

    86fe386cc3662c6b8228b24edd8b41be9cb586b68cb33e6d2633dc79baf383ac

  • Size

    316KB

  • Sample

    221222-t94sqahh9w

  • MD5

    e64b17d519a1c3895a11dcfed3c58049

  • SHA1

    d95b08f29b90967f75c9ee736c2abcf9ae910647

  • SHA256

    86fe386cc3662c6b8228b24edd8b41be9cb586b68cb33e6d2633dc79baf383ac

  • SHA512

    37867f26ac464a693ff7121a66dba36edab421992a7b829cc80076a4a7ce52ea06be3be9db68eb0f2511cd3e5049541a594312c1cfcb3379b5f61139fb2e0568

  • SSDEEP

    6144:PJL3Igi2ZniB/6Z8kVVIMoCo2RR0cSpQTtyzsduHNIvD:PJzIgiSiB/6wMoX2RR0TCtyYduHNI

Malware Config

Targets

    • Detects SmokeLoader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
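Two checks a practitioner would want to run against a report like this one, written here as an added example (not the sandbox's own code): an `is_pe()` test of the kind that backs the "Downloads MZ/PE file" signature (MZ magic, e_lfanew, "PE\0\0" signature, with truncated and DOS-only inputs handled), and a comparison of a blob's hashes with the IOC values listed under General. The function names and the sample byte strings are constructed for this example; only the hash constants come from the report.

```python
"""Triage helpers: minimal PE detection plus IOC hash matching (added example)."""
import hashlib
import struct

# Hash values copied from the report's General section.
REPORT_IOCS = {
    "md5": "e64b17d519a1c3895a11dcfed3c58049",
    "sha1": "d95b08f29b90967f75c9ee736c2abcf9ae910647",
    "sha256": "86fe386cc3662c6b8228b24edd8b41be9cb586b68cb33e6d2633dc79baf383ac",
    "sha512": "37867f26ac464a693ff7121a66dba36edab421992a7b829cc80076a4a7ce52ea"
              "06be3be9db68eb0f2511cd3e5049541a594312c1cfcb3379b5f61139fb2e0568",
}


def is_pe(data: bytes) -> bool:
    """Return True if data starts with an MZ header whose e_lfanew field
    (offset 0x3C) points at a 'PE\\0\\0' signature inside the buffer.
    DOS-only stubs and truncated downloads return False instead of raising."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Guard: a hostile or truncated header may point outside the buffer.
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def hash_blob(data: bytes) -> dict:
    """Compute the same digest set the report lists (SSDEEP excluded)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Compare each digest of data with the report's value; {algo: bool}."""
    computed = hash_blob(data)
    return {algo: computed[algo] == value for algo, value in iocs.items()}


def triage(data: bytes) -> dict:
    """Summarise both checks for a downloaded blob."""
    matches = match_iocs(data)
    return {"is_pe": is_pe(data), "matches_report": all(matches.values())}


def make_min_pe(e_lfanew: int = 0x80, total: int = 0x100) -> bytes:
    """Constructed minimal MZ+PE header used only as sample input here.
    If e_lfanew lies outside the buffer, no PE signature is written."""
    buf = bytearray(total)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    if e_lfanew + 4 <= total:
        buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    return bytes(buf)


# Constructed samples: a valid header, a DOS-only stub (e_lfanew = 0 points
# back at 'MZ'), a header whose e_lfanew points past the end, and a non-MZ blob.
SAMPLE_PE = make_min_pe()
SAMPLE_DOS_ONLY = b"MZ" + bytes(0x3A) + struct.pack("<I", 0) + bytes(0x40)
SAMPLE_TRUNCATED = make_min_pe(e_lfanew=0x1000, total=0x100)
SAMPLE_NOT_PE = b"\x7fELF" + bytes(0x60)

if __name__ == "__main__":
    for name, blob in [("pe", SAMPLE_PE), ("dos_only", SAMPLE_DOS_ONLY),
                       ("truncated", SAMPLE_TRUNCATED), ("elf", SAMPLE_NOT_PE)]:
        print(name, triage(blob))
```

None of the constructed blobs is the 316KB sample, so `matches_report` is False for all of them; pointing `triage()` at a real download gives a quick confirmation of whether the file on disk is the one this report describes, and whether a fetched blob is a Windows executable at all.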

MITRE ATT&CK Enterprise v6

Tasks