General

  • Target

    5eb1a83f5405a42a460e679c749e89628aa234b99099b8b63e1526ad36ea10cc

  • Size

    195KB

  • Sample

    230301-1v5j2aac97

  • MD5

    2739711eafeafe7f45e592d63058c251

  • SHA1

    1d0aba47ce2fd5d5164e1a8b3f07d7fe30b4b6c2

  • SHA256

    5eb1a83f5405a42a460e679c749e89628aa234b99099b8b63e1526ad36ea10cc

  • SHA512

    6b0e0802d559752f9104d22088432b45fd9980859ffc2b3722e0282f05252173d6abfbd3a58f938fb42ff6ef1c79ae5ee444d01a82ddd70079c3be0546b523ba

  • SSDEEP

    3072:VZzloi+2irMTQVGSONOOMUFi/BUvYUrWdPZdEUFKq/iw6YC3:fhoZ2irMT9Fi/2YwWdPZdEoG3

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks