General

  • Target

    7e8f03d34650bc6e1b38f8503bd550379fd07b69d9b6fb9be412471f42859830

  • Size

    253KB

  • Sample

    230917-nmt24sce76

  • MD5

    612c7aa66fa6f405819faee4f9f8d2be

  • SHA1

    ead613a91ad6599a11b0133367832c1045db8b95

  • SHA256

    7e8f03d34650bc6e1b38f8503bd550379fd07b69d9b6fb9be412471f42859830

  • SHA512

    7ce5ca70875e01ceeb039cfc2e00498cea62aa78f8820b2861be117accb04f360eee3525fd47e8db42907881702c60978304385c328c8f83d820cecb1bc377e1

  • SSDEEP

    3072:GpUmM1sjwyVztvgEdPx2Ky0Hvi2THIqRrFKuI0:CMGjwGJvJX1pHvi2THIkA

Malware Config

  • Extracted

    Family: smokeloader
    Botnet: up4

  • Extracted

    Family: smokeloader
    Version: 2020
    C2:
      http://host-file-file0.com/
      http://file-file-file1.com/
    rc4.i32
    rc4.i32

Targets

    • Target

      7e8f03d34650bc6e1b38f8503bd550379fd07b69d9b6fb9be412471f42859830

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Modifies Installed Components in the registry

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks