Overview

overview

10

Static

static

3

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6d487120a2080a06bc121647ba6e29002cc026b36015526dcee1885bd96e1d2b

  • Size

    257KB

  • Sample

    230919-sk8jyabh35

  • MD5

    f8506003c9b522313ef6d925ec5d607b

  • SHA1

    b89aea4c53f30d8ad1c3919f9054869cd7e88781

  • SHA256

    6d487120a2080a06bc121647ba6e29002cc026b36015526dcee1885bd96e1d2b

  • SHA512

    5019b680c945df5ac363c4ecf6e4cea7ddb96512923c3092a8a3b973eb8dd8cc64de45af7ccd7544036948cdaa7eb46082f4cd59bc78fce0d4a701116b226b1b

  • SSDEEP

    6144:ewOTmInU3SPmZbHh3Y/feAOTfueHvw216NfYyUi9:ewuU3SPJ/2geHqYyUi

Score
10/10
fabookiegluptebaredlinesmokeloader0305up3backdoordropperinfostealerloaderspywarestealertrojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

0305

C2

185.215.113.25:10195

Attributes
  • auth_value

    c86205ff1cc37b2da12f0190adfda52c

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/
rc4.i32
rc4.i32

Targets

    • Target

      6d487120a2080a06bc121647ba6e29002cc026b36015526dcee1885bd96e1d2b

    • Size

      257KB

    • MD5

      f8506003c9b522313ef6d925ec5d607b

    • SHA1

      b89aea4c53f30d8ad1c3919f9054869cd7e88781

    • SHA256

      6d487120a2080a06bc121647ba6e29002cc026b36015526dcee1885bd96e1d2b

    • SHA512

      5019b680c945df5ac363c4ecf6e4cea7ddb96512923c3092a8a3b973eb8dd8cc64de45af7ccd7544036948cdaa7eb46082f4cd59bc78fce0d4a701116b226b1b

    • SSDEEP

      6144:ewOTmInU3SPmZbHh3Y/feAOTfueHvw216NfYyUi9:ewuU3SPJ/2geHqYyUi

    Score
    10/10
    fabookiegluptebaredlinesmokeloader0305up3backdoordropperinfostealerloaderspywarestealertrojan

    • Detect Fabookie payload

    • Fabookie

      Fabookie is facebook account info stealer.

      spywarestealerfabookie

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

      loaderdropperglupteba

    • Glupteba payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks