Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ca1a716191a8f670286367f8344bee6d9506720eb4b6c7485bf1477c93536288

  • Size

    1.7MB

  • Sample

    221202-d8gc2adh8t

  • MD5

    ce3c2e93978895a4195d6c094f40da7b

  • SHA1

    0efb66a4f8abd84654e1bace4644f72af2e06d65

  • SHA256

    ca1a716191a8f670286367f8344bee6d9506720eb4b6c7485bf1477c93536288

  • SHA512

    32056d7f7b8230e2e7c55e89a5c852ddb96b853bb9d180661dcba99f9f53e23e9fb1a7909e07f247fe9116b3ab9f84b5b0f5cb0626236bc51ced9c49923d731e

  • SSDEEP

    24576:YIK4j/Sb6n6cFx0PNiAoGUMkGKwa92XbbNHJmNVhpvZlWW2cdXp14i8W2heqO:rI66TU0C2XvN4NVTqW2y+

Score
10/10
eternity

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Attributes
  • payload_urls

    http://167.88.170.23/w993.exe

    http://167.88.170.23/s101.exe,http://167.88.170.23/101.exe,http://167.88.170.23/R101.exe

Targets

    • Target

      ca1a716191a8f670286367f8344bee6d9506720eb4b6c7485bf1477c93536288

    • Size

      1.7MB

    • MD5

      ce3c2e93978895a4195d6c094f40da7b

    • SHA1

      0efb66a4f8abd84654e1bace4644f72af2e06d65

    • SHA256

      ca1a716191a8f670286367f8344bee6d9506720eb4b6c7485bf1477c93536288

    • SHA512

      32056d7f7b8230e2e7c55e89a5c852ddb96b853bb9d180661dcba99f9f53e23e9fb1a7909e07f247fe9116b3ab9f84b5b0f5cb0626236bc51ced9c49923d731e

    • SSDEEP

      24576:YIK4j/Sb6n6cFx0PNiAoGUMkGKwa92XbbNHJmNVhpvZlWW2cdXp14i8W2heqO:rI66TU0C2XvN4NVTqW2y+

    Score
    10/10
    eternity

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks