General

  • Target

    66f948e02b0879b8e7a1f52541a3340c17bbbaa43c700b0b65e8e6f6cdbc1c58

  • Size

    316KB

  • Sample

    230306-pg92tabf3w

  • MD5

    65a9ac4ee9aa675a49a14c9c33abcf6c

  • SHA1

    8ae8e8d726aba977dc47f473689d4496908653c2

  • SHA256

    66f948e02b0879b8e7a1f52541a3340c17bbbaa43c700b0b65e8e6f6cdbc1c58

  • SHA512

    0653d5542d3a57ee6b822dc3c4ce5ba14f058b2b387460d9b6711f8597456c8375e8d525195a65270ad45c0bf7e77af66ab509545ccda4a00104eb9f3655a9e8

  • SSDEEP

    6144:AqTrR7RLHxrQetMg4xhwFuD1FpZd+W61Rwdmq5S//c:AIDxrvM9zw0HZd+Bem8

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32
rc4.i32

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Deletes itself

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks