General

  • Target

    5c60d80f4960aa379707452c04c54ec989dcdf83ec3b7ef57e5371d5c7adaa1e

  • Size

    1.9MB

  • Sample

    220801-r6jbhaahap

  • MD5

    94d8f4406eb3591c3a8da5ac2eee3e24

  • SHA1

    b3cf77bd8fcd6c401b9aa90b1b851544f4c78498

  • SHA256

    5c60d80f4960aa379707452c04c54ec989dcdf83ec3b7ef57e5371d5c7adaa1e

  • SHA512

    ac3990f18a837ea1a623ee2ba7281493cfa1dcace63a2c7d9b69e58f5814020963df9a0bd2066bc69a2bdde6febae48eadcf5175d28d00cd4daeeb6f6a959290

Malware Config

Targets

    • Target

      5c60d80f4960aa379707452c04c54ec989dcdf83ec3b7ef57e5371d5c7adaa1e

    • Size

      1.9MB

    • MD5

      94d8f4406eb3591c3a8da5ac2eee3e24

    • SHA1

      b3cf77bd8fcd6c401b9aa90b1b851544f4c78498

    • SHA256

      5c60d80f4960aa379707452c04c54ec989dcdf83ec3b7ef57e5371d5c7adaa1e

    • SHA512

      ac3990f18a837ea1a623ee2ba7281493cfa1dcace63a2c7d9b69e58f5814020963df9a0bd2066bc69a2bdde6febae48eadcf5175d28d00cd4daeeb6f6a959290

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
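    An added example, not part of this report and not the sandbox's own signature logic, of how two of the behaviours listed above, the registry country-code lookup and the reads of browser profile data, can be spotted in process telemetry. The event records, process names, PIDs and paths below are constructed; the assumption that the location check keys on `HKCU\Control Panel\International\Geo\Nation` is mine, as are the profile-file patterns.

```python
"""Flag processes that (a) read browser credential/profile stores without
being a browser and (b) query the configured country code in the registry.
Added example; event format and all sample data are constructed."""
import re
from typing import Dict, Iterable, List, Optional, Set

# Browser files that infostealers typically read (assumed list).
BROWSER_PROFILE_RES = [re.compile(p, re.IGNORECASE) for p in (
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\Local State$",
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Login Data$",
    r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\(Cookies|Network\\Cookies)$",
    r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
)]
# Processes allowed to read their own profile data.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: the "Checks computer location settings" behaviour is a read of
# the GeoID stored under Control Panel\International\Geo\Nation.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

# Constructed telemetry in a sandbox-API-trace-like shape: one dict per operation.
SAMPLE_EVENTS = [
    # Chrome reading its own saved logins: expected, must not be flagged.
    {"pid": 1200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "op": "file_read", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # A dropped binary (hypothetical name) checks the configured country first...
    {"pid": 4312, "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "op": "reg_query", "target": r"HKCU\Control Panel\International\Geo\Nation"},
    # ...then reads Chrome's key store and saved logins, and Firefox's logins.
    {"pid": 4312, "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "op": "file_read", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Local State"},
    {"pid": 4312, "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "op": "file_read", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4312, "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "op": "file_read", "target": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default-release\logins.json"},
    # Unrelated registry read by the same process: not flagged.
    {"pid": 4312, "image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "op": "reg_query", "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    # Explorer reading a document: not flagged.
    {"pid": 900, "image": r"C:\Windows\explorer.exe",
     "op": "file_read", "target": r"C:\Users\victim\Documents\notes.txt"},
]


def image_name(image: str) -> str:
    """Basename of an image path, lower-cased for comparison."""
    return image.rsplit("\\", 1)[-1].lower()


def classify(event: dict) -> Optional[str]:
    """Return a finding name for one event, or None if it is benign."""
    op, target = event["op"], event["target"]
    if op == "file_read" and any(r.search(target) for r in BROWSER_PROFILE_RES):
        # Browsers read their own stores; anything else doing so is suspicious.
        return None if image_name(event["image"]) in BROWSER_IMAGES else "browser_profile_read"
    if op == "reg_query" and GEO_NATION_RE.search(target):
        return "geo_nation_lookup"
    return None


def scan(events: Iterable[dict]) -> Dict[int, Dict[str, object]]:
    """Aggregate findings per PID: {pid: {"image": ..., "findings": set()}}."""
    findings: Dict[int, Dict[str, object]] = {}
    for ev in events:
        name = classify(ev)
        if name is None:
            continue
        entry = findings.setdefault(ev["pid"], {"image": ev["image"], "findings": set()})
        entry["findings"].add(name)  # type: ignore[union-attr]
    return findings


def stealer_candidates(events: Iterable[dict]) -> List[int]:
    """PIDs showing both behaviours: geofence check plus browser data theft."""
    want: Set[str] = {"browser_profile_read", "geo_nation_lookup"}
    return sorted(pid for pid, e in scan(events).items() if want <= e["findings"])  # type: ignore[operator]


if __name__ == "__main__":
    for pid, entry in scan(SAMPLE_EVENTS).items():
        print(pid, entry["image"], sorted(entry["findings"]))  # type: ignore[arg-type]
    print("stealer candidates:", stealer_candidates(SAMPLE_EVENTS))
```

Requiring both behaviours before raising an alert keeps a lone GeoID read (which installers and localisation code legitimately perform) from paging anyone, while a non-browser process touching `Login Data` or `logins.json` is still recorded on its own for triage.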

MITRE ATT&CK Enterprise v6

Tasks