Overview

overview

10

Static

static

1

dridex

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2023, 07:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130.exe

  • Size

    270KB

  • MD5

    57caa38821163a93ba5b64503740783c

  • SHA1

    079d4362ab22c59000d75ff08ca121b61b9d40f9

  • SHA256

    1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130

  • SHA512

    e410c112cfbdbb97b45ccf408b9372b2921c1bd84adc777efb92172570eeed367272be7b32df858a66b48ef08257796a47b777e041700c19475be1f0dcbdc397

  • SSDEEP

    3072:bz9QZ1WJo0DxhQghTN8v/CCRkxcYw9sgrrqTKdwKsTOmQ90ZlmhU:lUWzDxhnhTAkxPwFrqTKKKqTPV

Score
10/10
smokeloadersprgbackdoortrojan

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/
rc4.i32
rc4.i32

Signatures

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 19 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130.exe
    "C:\Users\Admin\AppData\Local\Temp\1a49bbcceb07f924f470f574bff3b7ad9d0622026e48af4a9f60b8c6fe072130.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:5036
  • C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    1⤵
      PID:3652
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe
      1⤵
        PID:4444
      • C:\Windows\SysWOW64\explorer.exe
        C:\Windows\SysWOW64\explorer.exe
        1⤵
          PID:4528
        • C:\Windows\explorer.exe
          C:\Windows\explorer.exe
          1⤵
            PID:2564
          • C:\Windows\SysWOW64\explorer.exe
            C:\Windows\SysWOW64\explorer.exe
            1⤵
              PID:3804
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              1⤵
                PID:4468
              • C:\Windows\SysWOW64\explorer.exe
                C:\Windows\SysWOW64\explorer.exe
                1⤵
                  PID:976
                • C:\Windows\explorer.exe
                  C:\Windows\explorer.exe
                  1⤵
                    PID:4052
                  • C:\Windows\SysWOW64\explorer.exe
                    C:\Windows\SysWOW64\explorer.exe
                    1⤵
                      PID:3688

                    Network

                    MITRE ATT&CK Enterprise v6

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • memory/976-173-0x0000000000560000-0x0000000000569000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/976-164-0x00000000012B0000-0x00000000012BB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/976-165-0x0000000000560000-0x0000000000569000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/976-166-0x00000000012B0000-0x00000000012BB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/2564-155-0x0000000000400000-0x000000000040C000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/2564-156-0x0000000000AA0000-0x0000000000AA9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/2564-157-0x0000000000400000-0x000000000040C000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/3140-135-0x00000000020A0000-0x00000000020B6000-memory.dmp

                      Filesize

                      88KB

                      Download

                    • memory/3652-148-0x0000000002CF0000-0x0000000002CF9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/3652-149-0x0000000000B80000-0x0000000000B8B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/3652-146-0x0000000000B80000-0x0000000000B8B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/3688-171-0x0000000000B20000-0x0000000000B2B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/3688-170-0x0000000000B20000-0x0000000000B2B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/3688-175-0x0000000000BF0000-0x0000000000BFD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/3804-160-0x0000000000F40000-0x0000000000F67000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/3804-158-0x0000000000F40000-0x0000000000F67000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/3804-159-0x0000000000400000-0x000000000040C000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/4052-167-0x0000000000BF0000-0x0000000000BFD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/4052-174-0x00000000012B0000-0x00000000012BB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4052-168-0x00000000012B0000-0x00000000012BB000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4052-169-0x0000000000BF0000-0x0000000000BFD000-memory.dmp

                      Filesize

                      52KB

                      Download

                    • memory/4444-150-0x0000000000B80000-0x0000000000B8B000-memory.dmp

                      Filesize

                      44KB

                      Download

                    • memory/4444-147-0x0000000000810000-0x000000000081F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/4444-151-0x0000000000810000-0x000000000081F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/4468-162-0x0000000000F40000-0x0000000000F67000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4468-163-0x0000000000560000-0x0000000000569000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4468-161-0x0000000000560000-0x0000000000569000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4468-172-0x0000000000F40000-0x0000000000F67000-memory.dmp

                      Filesize

                      156KB

                      Download

                    • memory/4528-154-0x0000000000AA0000-0x0000000000AA9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4528-152-0x0000000000AA0000-0x0000000000AA9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/4528-153-0x0000000000810000-0x000000000081F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/5036-134-0x0000000002CF0000-0x0000000002CF9000-memory.dmp

                      Filesize

                      36KB

                      Download

                    • memory/5036-136-0x0000000000400000-0x0000000002B71000-memory.dmp

                      Filesize

                      39.4MB

                      Download