General

  • Target

    4adacd1bf1d4df2f34791f8b421ee0a55c19bb2860ab980cf5573720cb8ef6e9

  • Size

    298KB

  • Sample

    230207-af4fbabg4w

  • MD5

    03bcdf385ea4c321882e6cff9a84e896

  • SHA1

    4e11e0d1e1e2075fa14d8d469be29b6f30b76a9b

  • SHA256

    4adacd1bf1d4df2f34791f8b421ee0a55c19bb2860ab980cf5573720cb8ef6e9

  • SHA512

    2ff95305e58ce85c9fceeedc94f9caa90f15ba498cdee5bec89cf509fa1baf08b5119bda36e62eb6c4b9a9b9acf1634bb14536a3b2e4f10b301ee2af8eac1358

  • SSDEEP

    3072:C6mb6b57eL3ZRGgTl9K7WDk0fGHLY0Y/Q1SbYuQjiMTE5qwria5Zi:C127eL3+gJ9K7WDQLY5jUuQj9Vwria3

Malware Config

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • Modify Registry (T1112): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 3

  • System Information Discovery (T1082): 3

  • Peripheral Device Discovery (T1120): 1

Collection

  • Data from Local System (T1005): 1

  • Email Collection (T1114): 2

Tasks