Resubmissions

09/03/2023, 07:17

230309-h4lt6saa3s 10

General

  • Target

    204991b5a1f7b084ff3187bc3c502dd5e68de0ca1eb75d3627fabc78c4a1bf19

  • Size

    281KB

  • Sample

    230309-h4lt6saa3s

  • MD5

    6a41b456af269abbb94ac267bf8be8f6

  • SHA1

    2cb4572520a9ac1b66e617aa2e0993ff0d0029c2

  • SHA256

    204991b5a1f7b084ff3187bc3c502dd5e68de0ca1eb75d3627fabc78c4a1bf19

  • SHA512

    d94af322550dbb0bc1f5ab9379cebf5aa951188cff4c782dd524b3f899e708ecfc7709b57757fa33b8afedd980c1fd45051bd03e0438dc8b307ff7bde98125af

  • SSDEEP

    3072:IEPAsAL9d9mzgVqfEYIWJj0mNe6rqXZQJomXKaqh9mGWyVCi7IaCsp1+Hc:HtAL9PMtBLAiWB/ntnrF

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32
rc4.i32

Targets

    • Target

      204991b5a1f7b084ff3187bc3c502dd5e68de0ca1eb75d3627fabc78c4a1bf19

    • Size

      281KB

    • MD5

      6a41b456af269abbb94ac267bf8be8f6

    • SHA1

      2cb4572520a9ac1b66e617aa2e0993ff0d0029c2

    • SHA256

      204991b5a1f7b084ff3187bc3c502dd5e68de0ca1eb75d3627fabc78c4a1bf19

    • SHA512

      d94af322550dbb0bc1f5ab9379cebf5aa951188cff4c782dd524b3f899e708ecfc7709b57757fa33b8afedd980c1fd45051bd03e0438dc8b307ff7bde98125af

    • SSDEEP

      3072:IEPAsAL9d9mzgVqfEYIWJj0mNe6rqXZQJomXKaqh9mGWyVCi7IaCsp1+Hc:HtAL9PMtBLAiWB/ntnrF

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application
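The extracted config and target hashes above are the usable IOCs from this report. As an added example (not part of the report, and not code from the sandbox or the malware), the following Python turns them into a repeatable check: it reduces the C2 URLs to hostnames, scans log lines for those hosts (a subdomain of a C2 host counts, a lookalike with a different suffix does not), and compares a file's MD5/SHA1/SHA256 against the hashes listed for the target. The log lines are constructed and the function names are the author's own; only the hashes and URLs are taken from the report.

```python
import hashlib
import re
from urllib.parse import urlparse

# IOCs transcribed from the report above.
SAMPLE_HASHES = {
    "md5": "6a41b456af269abbb94ac267bf8be8f6",
    "sha1": "2cb4572520a9ac1b66e617aa2e0993ff0d0029c2",
    "sha256": "204991b5a1f7b084ff3187bc3c502dd5e68de0ca1eb75d3627fabc78c4a1bf19",
}
C2_URLS = [
    "http://hoh0aeghwugh2gie.com/",
    "http://hie7doodohpae4na.com/",
    "http://aek0aicifaloh1yo.com/",
    "http://yic0oosaeiy7ahng.com/",
    "http://wa5zu7sekai8xeih.com/",
]

# Constructed DNS/proxy log lines for the demonstration (not from the report).
LOG_LINES = [
    "2023-03-09T07:20:01 dns client 10.0.0.23 query: hoh0aeghwugh2gie.com IN A",
    "2023-03-09T07:20:02 proxy 10.0.0.23 GET http://yic0oosaeiy7ahng.com/ 200",
    "2023-03-09T07:20:03 dns client 10.0.0.42 query: www.example.com IN A",
    "2023-03-09T07:20:04 dns client 10.0.0.23 query: cdn.aek0aicifaloh1yo.com IN A",
]


def c2_hosts(urls):
    """Reduce the C2 URLs to a set of lowercase hostnames suitable for log matching."""
    hosts = set()
    for url in urls:
        host = urlparse(url).hostname
        if host:
            hosts.add(host.lower())
    return hosts


def _host_pattern(host):
    # Match the host as a whole label sequence: allow a subdomain prefix
    # (preceded by '.') but reject a longer suffix such as "<host>.example".
    return re.compile(
        r"(?<![A-Za-z0-9-])" + re.escape(host) + r"(?!\.?[A-Za-z0-9-])",
        re.IGNORECASE,
    )


def find_c2_hits(lines, hosts):
    """Return (line_index, host) for every log line that references a C2 host."""
    patterns = {h: _host_pattern(h) for h in sorted(hosts)}
    hits = []
    for idx, line in enumerate(lines):
        for host, pattern in patterns.items():
            if pattern.search(line):
                hits.append((idx, host))
    return hits


def hash_bytes(data):
    """Compute the three digests the report lists for the target."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_hashes(data, known=SAMPLE_HASHES):
    """Names of the algorithms whose digest of `data` equals the reported value."""
    computed = hash_bytes(data)
    return sorted(alg for alg, digest in known.items() if computed[alg] == digest.lower())


if __name__ == "__main__":
    hosts = c2_hosts(C2_URLS)
    for idx, host in find_c2_hits(LOG_LINES, hosts):
        print(f"C2 contact in line {idx}: {host}")
    # Any file can be checked the same way: matching_hashes(open(path, "rb").read())
    print("sample match:", matching_hashes(b"constructed bytes, not the sample"))
```

Matching on hostnames rather than full URLs matters here: the report shows the C2 as bare `http://<host>/`, but SmokeLoader check-ins are POSTs whose path and scheme may differ between samples, while the host set is what the extracted config pins down.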

MITRE ATT&CK Enterprise v6

Tasks