General

  • Target

    ea352e5f678ca67dd9210261cabdd2eb17723ab94a38f9111ac86186b012340b

  • Size

    256KB

  • Sample

    221231-vpztpsaa66

  • MD5

    fe4bd7b275c38f6bbada20c131ada4aa

  • SHA1

    ec1cac2a0ceeecbc415665cd14b9d59d68078aae

  • SHA256

    ea352e5f678ca67dd9210261cabdd2eb17723ab94a38f9111ac86186b012340b

  • SHA512

    55fdc6eabe57e9ada2d1eecfb0327d0359829e5b722b63edfbd2c0c38575c810223c635f54c211e26db2a74df156db268c887f82906ad87f54bc91e1e6aff841

  • SSDEEP

    3072:0gawmBClgeL65FmxoORJvYkO9OI+iaZU6KtmqzXd27hZY:LQCJLKmxoKvNO9OI+iMU6BSIZY

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks