Overview

overview

10

Static

static

0a6e2af270...e4.exe

windows7_x64

10

0a6e2af270...e4.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a6e2af27039d17fc07f815b64fe9279b14d8d051902eb588807433cd9d272e4.bin

  • Size

    1.5MB

  • Sample

    220603-j54baaddf6

  • MD5

    a3556fe22b3cadaea5bad8d67b63e16a

  • SHA1

    d8442ca998329eafbf7419a6126443195948d0ea

  • SHA256

    0a6e2af27039d17fc07f815b64fe9279b14d8d051902eb588807433cd9d272e4

  • SHA512

    0cee4e20c9f57747f0436ca2bd2f7eec43fba27200c7d62c8303e0d248d87566df377568d68dd4ca7640a2f5a03702b7b4f17bd5984933fc926327889072c06c

Score
10/10
eternityworm

Malware Config

Extracted

Family

eternity

C2

http://lightnogu5owjjllyo4tj2sfos6fchnmcidlgo6c7e6fz2hgryhfhoyd.onion

Attributes
  • payload_urls

    http://soapbeginshops.com/kingz.exe

    http://lightnogu5owjjllyo4tj2sfos6fchnmcidlgo6c7e6fz2hgryhfhoyd.onion/shared/telegram.exe

Targets

    • Target

      0a6e2af27039d17fc07f815b64fe9279b14d8d051902eb588807433cd9d272e4.bin

    • Size

      1.5MB

    • MD5

      a3556fe22b3cadaea5bad8d67b63e16a

    • SHA1

      d8442ca998329eafbf7419a6126443195948d0ea

    • SHA256

      0a6e2af27039d17fc07f815b64fe9279b14d8d051902eb588807433cd9d272e4

    • SHA512

      0cee4e20c9f57747f0436ca2bd2f7eec43fba27200c7d62c8303e0d248d87566df377568d68dd4ca7640a2f5a03702b7b4f17bd5984933fc926327889072c06c

    Score
    10/10
    eternityworm

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks