General

  • Target

    00618ca52d7c0025466be5d8e3ca79bb3fb388178b937a54a2411a0cd1d79eee.bin

  • Size

    1.3MB

  • Sample

    220517-nq347abcd4

  • MD5

    2cfd0272114a3158b904ea8fec66545b

  • SHA1

    79cae9eb69877b6ad9fb947a7edfc01427ac4b89

  • SHA256

    00618ca52d7c0025466be5d8e3ca79bb3fb388178b937a54a2411a0cd1d79eee

  • SHA512

    b37b0b82bf4c5eae81efc7284efb3a1fc25e790fce7cfc2735a769eae010d2cfa6633a5b6def5107ef88d684cd0dfdfe8f8c402e177a9786bbbed51a4e5d79fe

Malware Config

Targets

    • Detects Eternity worm

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                     Count  ID
  Execution              Scheduled Task                1      T1053
  Persistence            Scheduled Task                1      T1053
  Privilege Escalation   Scheduled Task                1      T1053
  Defense Evasion        Modify Registry               1      T1112
  Credential Access      Credentials in Files          1      T1081
  Discovery              Query Registry                2      T1012
  Discovery              System Information Discovery  3      T1082
  Discovery              Remote System Discovery       1      T1018
  Collection             Data from Local System        1      T1005

Tasks