General

  • Target

    fa50194126043d5a497865b5b30fe4c318304ece6c568ef6255d9debf6000338

  • Size

    229KB

  • Sample

    221228-gkqtcahe96

  • MD5

    0d7f6222a34cf4189a82f9fb6be3f7fc

  • SHA1

    0606b69fc1935f901a22f9eab54a98f18e18ec53

  • SHA256

    fa50194126043d5a497865b5b30fe4c318304ece6c568ef6255d9debf6000338

  • SHA512

    a8e2703723bf6902df8e5093a5f72bf216a284a7f43c45f2787cfb146c9e3f7e0d49c1cc67c76a2f2a32bf3351e24881e58c75e6df0705f8e18351dd70adb27c

  • SSDEEP

    3072:gU4RK9sL3mTx5huJ8j6itoq/QSMavQBKPtYKs/xAI9y:r9sL3QtuJNitzcaIBK1YDZ

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks