General

  • Target

    08fef20cc97d6ab3a9dfa6da0cf804168fa862b6f1fcae7616d8dc8c75da9951

  • Size

    1.3MB

  • Sample

    221208-nq27wscg8w

  • MD5

    17f511ac04c38cc724a32db5ee6396df

  • SHA1

    989d1cb5f7e47a84c375b7413928d7ab73e24ff5

  • SHA256

    08fef20cc97d6ab3a9dfa6da0cf804168fa862b6f1fcae7616d8dc8c75da9951

  • SHA512

    3f681c60582c0bdd7efc198063ad9a5bf5e685dede586ab067272cffdfced628af7075bec907353dbec9a5ae5d30b7382f91e9b68325ff5c2c67325db9584317

  • SSDEEP

    24576:sEkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxYq:sZHZ5MMpoJOp+MIVai7Tq24GjdGS

Score
10/10

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Attributes
  • payload_urls

    http://167.88.170.23/w993.exe

    http://167.88.170.23/s101.exe,http://167.88.170.23/101.exe,http://167.88.170.23/R101.exe

Targets

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (T1053): 1

  • Persistence

    Scheduled Task (T1053): 1

  • Privilege Escalation

    Scheduled Task (T1053): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

    Remote System Discovery (T1018): 1
