General

  • Target

    01f0f1f0ee4153c62a5d538217c9e4b5e714c67a6eb68d9c17ab595a0a658fef.bin

  • Size

    882KB

  • Sample

    220517-nb4geabab9

  • MD5

    4a8170905bbb4607bdaf7cb186e8b4f8

  • SHA1

    172a2297a2b226c372b92ac2d07058417a71dd6c

  • SHA256

    01f0f1f0ee4153c62a5d538217c9e4b5e714c67a6eb68d9c17ab595a0a658fef

  • SHA512

    9d2acd7cb59d78e8ccffa8264bca58a9574bb2c0f23a15137355457fe971f79c927dcebc83fb77ab277881977bf523ca98038cda57ad255409b71914672aff74

Malware Config

Targets

    • Target

      01f0f1f0ee4153c62a5d538217c9e4b5e714c67a6eb68d9c17ab595a0a658fef.bin

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • suricata: ET MALWARE Observed Win32/Eternity Stealer Domain (eternitypr .net in TLS SNI)

    • suricata: ET MALWARE Observed Win32/Eternity Stealer Domain (eterprx .net in TLS SNI)

    • suricata: ET MALWARE Win32/Eternity Stealer Activity (POST)

    • suricata: ET MALWARE Win32/Eternity Stealer CnC Domain in DNS Lookup (eternitypr .net)

    • suricata: ET MALWARE Win32/Eternity Stealer CnC Domain in DNS Lookup (eterprx .net)

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

    • Credential Access

      Credentials in Files (T1081): 1

    • Collection

      Data from Local System (T1005): 1
