General

  • Target

    01084efc7da9b5f5aaa6e109ac5ea39756687c9334df85f757c89149d30a79b6.bin

  • Size

    1.6MB

  • Sample

    220517-nbxc4adfek

  • MD5

    51f680c87f810a25cb8d9f4a217156b6

  • SHA1

    a9cd1c857692aa49dfa9fc93cde2204002326d31

  • SHA256

    01084efc7da9b5f5aaa6e109ac5ea39756687c9334df85f757c89149d30a79b6

  • SHA512

    f7a723641bb65eb4763784da1c2c36d9b0ae07cc7241eb9ef816e20308cfbd1ee77780503768d5784f90a1bc387c09271ccf98fbee0bc8fec2ac9c5b20563c7d

Malware Config

Targets


    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • suricata: ET MALWARE Observed Win32/Eternity Stealer Domain (eternitypr .net in TLS SNI)

    • suricata: ET MALWARE Observed Win32/Eternity Stealer Domain (eterprx .net in TLS SNI)

    • suricata: ET MALWARE Win32/Eternity Stealer Activity (POST)

    • suricata: ET MALWARE Win32/Eternity Stealer CnC Domain in DNS Lookup (eternitypr .net)

    • suricata: ET MALWARE Win32/Eternity Stealer CnC Domain in DNS Lookup (eterprx .net)

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

    • Install Root Certificate (T1130): 1

    • Modify Registry (T1112): 1

Credential Access

    • Credentials in Files (T1081): 1

Discovery

    • Query Registry (T1012): 1

    • System Information Discovery (T1082): 2

Collection

    • Data from Local System (T1005): 1

Tasks