Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3a009086354d36c399b689d0476851679b8e09e9d3098df6267266c5b77ad750

  • Size

    194KB

  • Sample

    221116-ehel7aha76

  • MD5

    125975244c8ec405e0c0a62ebfc19342

  • SHA1

    c5c8d94adb60b82cfcc1f597bcd5d6f98c4cd5a9

  • SHA256

    3a009086354d36c399b689d0476851679b8e09e9d3098df6267266c5b77ad750

  • SHA512

    df4804b192fdccd0d4ffc0686698abe124c77e2aa159d764ec6fe2e44812d67295adf163e2c9f824b999a4d4e6f2657fbe01b1fde370e0cf9ba1fdb4cea0d13f

  • SSDEEP

    3072:/wWree3u5WKjXpewqBVW2Xg6hZGZtLQe1XLxhjVDPG7kPdYlvB4XrkHD:IVer8X0wUVWW4tUoXDQhtBa

Score
10/10
amadeyeternitysmokeloaderbackdoorcollectiondiscoveryevasionpersistencespywarestealertrojan

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

    • Target

      3a009086354d36c399b689d0476851679b8e09e9d3098df6267266c5b77ad750

    • Size

      194KB

    • MD5

      125975244c8ec405e0c0a62ebfc19342

    • SHA1

      c5c8d94adb60b82cfcc1f597bcd5d6f98c4cd5a9

    • SHA256

      3a009086354d36c399b689d0476851679b8e09e9d3098df6267266c5b77ad750

    • SHA512

      df4804b192fdccd0d4ffc0686698abe124c77e2aa159d764ec6fe2e44812d67295adf163e2c9f824b999a4d4e6f2657fbe01b1fde370e0cf9ba1fdb4cea0d13f

    • SSDEEP

      3072:/wWree3u5WKjXpewqBVW2Xg6hZGZtLQe1XLxhjVDPG7kPdYlvB4XrkHD:IVer8X0wUVWW4tUoXDQhtBa

    Score
    10/10
    amadeyeternitysmokeloaderbackdoorcollectiondiscoveryevasionpersistencespywarestealertrojan

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

      trojanamadey

    • Detects Smokeloader packer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Registry Run Keys / Startup Folder

1
T1060

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

6
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

6
T1082

Network Service Scanning

1
T1046

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

2
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks