General

  • Target

    025e74a98cb22aab0eb2dbff69cb5abd4f1d529925d9e456f92f5fd6ff1e11c3.bin

  • Size

    62KB

  • Sample

    220517-n63hlabeb8

  • MD5

    c4b46a2d0898e9ba438366f878cd74bd

  • SHA1

    f95a0529fbb8aa61cd3dee602fa6555b2c86dd62

  • SHA256

    025e74a98cb22aab0eb2dbff69cb5abd4f1d529925d9e456f92f5fd6ff1e11c3

  • SHA512

    ae9cf9516ed834af320acd0d65ce58bf9b0b118228c820ee55e8db0d91b931426bdf0144f922c0d34e74f4a5b657ae5cd614179456e700f4618f0721caeb56bd

Malware Config

Targets

    • Target

      025e74a98cb22aab0eb2dbff69cb5abd4f1d529925d9e456f92f5fd6ff1e11c3.bin

    • Size

      62KB

    • MD5

      c4b46a2d0898e9ba438366f878cd74bd

    • SHA1

      f95a0529fbb8aa61cd3dee602fa6555b2c86dd62

    • SHA256

      025e74a98cb22aab0eb2dbff69cb5abd4f1d529925d9e456f92f5fd6ff1e11c3

    • SHA512

      ae9cf9516ed834af320acd0d65ce58bf9b0b118228c820ee55e8db0d91b931426bdf0144f922c0d34e74f4a5b657ae5cd614179456e700f4618f0721caeb56bd

    • Detects Eternity clipper

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • suricata: ET MALWARE Eternity Stealer CnC Domain in DNS Lookup (wasabiwallet .online)

      suricata: ET MALWARE Eternity Stealer CnC Domain in DNS Lookup (wasabiwallet .online)

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks