General

  • Target

    7514c71c085913c6ae0c1d556cd4af423e238dca1ad13e0b820895af6a4a6a02

  • Size

    295KB

  • Sample

    230328-tn8jsabh73

  • MD5

    bcf3dd6c7fc056b5ab79eaac510a12fd

  • SHA1

    2ee46fc24ab0b2baad4224ef034afac6eca0c006

  • SHA256

    7514c71c085913c6ae0c1d556cd4af423e238dca1ad13e0b820895af6a4a6a02

  • SHA512

    5142ba2acf90644d3d4584d59ae45712bc271d07a7799eedb8db1f020383775d1eb3005c0404de461c760b7384dae41b5273da6a81eafdcfa9fbf7bdebd641a7

  • SSDEEP

    3072:rXd2H685mdnkcvFZX3BCIOM+DPYFLqvuIWRpGosXMmNR81VY2Avwpqlmc2toiDT9:LmYdnkg3BJdwXNNRwAvKbtDDT9

Malware Config

Extracted

  • Family

    smokeloader

  • Botnet

    sprg

Extracted

  • Family

    smokeloader

  • Version

    2022

  • C2

    http://hoh0aeghwugh2gie.com/
    http://hie7doodohpae4na.com/
    http://aek0aicifaloh1yo.com/
    http://yic0oosaeiy7ahng.com/
    http://wa5zu7sekai8xeih.com/

  • rc4.i32

  • rc4.i32

Targets

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

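As an added example (not part of the sandbox report and not code from the SmokeLoader sample), the following Python turns the indicators above into a small IOC check: it hashes a file with every algorithm the report lists and compares each digest to the report's value, and it scans DNS/proxy log lines for the five C2 hostnames, matching subdomains as well. The log lines in SAMPLE_LOG are constructed for illustration; the hashes and URLs are copied from the report.

```python
import hashlib
import re
from urllib.parse import urlparse

# Hash IOCs copied from the report's General section.
REPORT_HASHES = {
    "md5": "bcf3dd6c7fc056b5ab79eaac510a12fd",
    "sha1": "2ee46fc24ab0b2baad4224ef034afac6eca0c006",
    "sha256": "7514c71c085913c6ae0c1d556cd4af423e238dca1ad13e0b820895af6a4a6a02",
    "sha512": "5142ba2acf90644d3d4584d59ae45712bc271d07a7799eedb8db1f020383775d"
              "1eb3005c0404de461c760b7384dae41b5273da6a81eafdcfa9fbf7bdebd641a7",
}

# C2 URLs from the extracted SmokeLoader config.
REPORT_C2_URLS = [
    "http://hoh0aeghwugh2gie.com/",
    "http://hie7doodohpae4na.com/",
    "http://aek0aicifaloh1yo.com/",
    "http://yic0oosaeiy7ahng.com/",
    "http://wa5zu7sekai8xeih.com/",
]

# Constructed DNS/proxy log lines (not from the report) to exercise the matcher.
SAMPLE_LOG = [
    "2023-03-28T10:01:02Z dns A hoh0aeghwugh2gie.com client=10.0.0.15",
    "2023-03-28T10:01:03Z proxy GET http://hoh0aeghwugh2gie.com/ status=404 client=10.0.0.15",
    "2023-03-28T10:01:09Z dns A update.microsoft.com client=10.0.0.15",
    "2023-03-28T10:02:41Z dns A cdn.yic0oosaeiy7ahng.com client=10.0.0.15",
]


def digest(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def hash_matches(data: bytes, iocs: dict = REPORT_HASHES) -> list:
    """Return the algorithm names whose digest of `data` equals the IOC value."""
    found = digest(data)
    return [algo for algo, value in iocs.items() if found[algo] == value.lower()]


def c2_hosts(urls=REPORT_C2_URLS) -> set:
    """Reduce the C2 URL list to lower-cased hostnames for log matching."""
    return {urlparse(u).hostname.lower() for u in urls}


# Anything that looks like a DNS name: labels, then a dot and an alphabetic TLD.
HOST_RE = re.compile(r"[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}", re.IGNORECASE)


def scan_log(lines, hosts) -> list:
    """Return (line_number, c2_host) for each line naming a C2 host or a subdomain of one."""
    hits = []
    for number, line in enumerate(lines, 1):
        seen = set()
        for token in HOST_RE.findall(line):
            token = token.lower()
            for c2 in hosts:
                if token == c2 or token.endswith("." + c2):
                    seen.add(c2)
        hits.extend((number, c2) for c2 in sorted(seen))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, hash_matches(fh.read()) or "no hash match")
    for number, host in scan_log(SAMPLE_LOG, c2_hosts()):
        print(f"line {number}: contact with SmokeLoader C2 {host}")
```

Exact hashes only identify this one file; a repacked SmokeLoader build has different digests, so the C2 hostnames are the more reusable indicator from this report, and the SSDEEP value above is what to compare against related builds (that needs the separate ssdeep library and is not done here).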
MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                      Count  ID
  Credential Access  Credentials in Files           1      T1081
  Discovery          Query Registry                 2      T1012
  Discovery          Peripheral Device Discovery    1      T1120
  Discovery          System Information Discovery   1      T1082
  Collection         Data from Local System         1      T1005

Technique IDs are from ATT&CK v6; in later versions T1081 (Credentials in Files) was deprecated and the behaviour is now T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks