General

  • Target

    002eaf4532846dda7d1ac874b97ff28d033ea89890c82dfdb4efd1f6191db555.bin

  • Size

    1.3MB

  • Sample

    220517-np5lmadhck

  • MD5

    122e0a7ed91985c6b12369b4126990cd

  • SHA1

    8b111d95aa1d67b7d16059c42e6f3c9c5ef33ca6

  • SHA256

    002eaf4532846dda7d1ac874b97ff28d033ea89890c82dfdb4efd1f6191db555

  • SHA512

    bb41df581cfd24b2199165574ff2459e23ab5af232a38ee00961d53b7f295d332b89f431cb46030692012d8d98509bb8110bfb994ae66199d68e5adb265ad875

Malware Config

Targets

    • Target

      002eaf4532846dda7d1ac874b97ff28d033ea89890c82dfdb4efd1f6191db555.bin

    • Size

      1.3MB

    • MD5

      122e0a7ed91985c6b12369b4126990cd

    • SHA1

      8b111d95aa1d67b7d16059c42e6f3c9c5ef33ca6

    • SHA256

      002eaf4532846dda7d1ac874b97ff28d033ea89890c82dfdb4efd1f6191db555

    • SHA512

      bb41df581cfd24b2199165574ff2459e23ab5af232a38ee00961d53b7f295d332b89f431cb46030692012d8d98509bb8110bfb994ae66199d68e5adb265ad875

    • Detects Eternity worm

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scheduled Task (1): T1053

  • Persistence

    Scheduled Task (1): T1053

  • Privilege Escalation

    Scheduled Task (1): T1053

  • Defense Evasion

    Modify Registry (1): T1112

  • Credential Access

    Credentials in Files (1): T1081

  • Discovery

    Query Registry (2): T1012

    System Information Discovery (3): T1082

    Remote System Discovery (1): T1018

  • Collection

    Data from Local System (1): T1005

Tasks