General

  • Target

    4d8c0bd65f9bea90f5d7920263046d7c9a685b282069e78ca41c0fd7786f9683

  • Size

    270KB

  • Sample

    230328-jq1a3shf93

  • MD5

    f327f6ef1dc226809ef882ea630a43b4

  • SHA1

    c069c4acf8076e7b04622dfde75db41aa984ff7c

  • SHA256

    4d8c0bd65f9bea90f5d7920263046d7c9a685b282069e78ca41c0fd7786f9683

  • SHA512

    0583ca5b11070d69449ea074988c7f8c5ba9918389d2a064bbfaa99c2591947651010a8125db1b3aa55a3069ac74810ec24ab4241d6be9d04d702f33ea80d40e

  • SSDEEP

    3072:GizQdKgnUO3SjgsDa48LpK7ClB/KIWPaDEW3gXcLIcGngp1aBslmhZ:Zbg33SjTDajDR0aDEYgsnp1ax

Malware Config

Extracted

Family

smokeloader

Botnet

sprg

Extracted

Family

smokeloader

Version

2022

C2

http://hoh0aeghwugh2gie.com/

http://hie7doodohpae4na.com/

http://aek0aicifaloh1yo.com/

http://yic0oosaeiy7ahng.com/

http://wa5zu7sekai8xeih.com/

rc4.i32
rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 2

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 1

Tasks