General

  • Target

    fd64e524e0f85d83e28e36f15bcb4033b508abcb3695c02612f56e4122b8beb7

  • Size

    3.1MB

  • Sample

    220802-ca22eafecl

  • MD5

    ead8e51539296698eae0e8d7d3f4443f

  • SHA1

    e4a2ae0e6800c5aa4382eafb0f8985046d92022f

  • SHA256

    fd64e524e0f85d83e28e36f15bcb4033b508abcb3695c02612f56e4122b8beb7

  • SHA512

    20afb72fd5efe24fdedaa1403b66dc165afb497c3e48e1dad3d0719fd13cbb20e1bf4c9e060886c478569f1fe8892ca4cf2f91e2355e77409ff19d9ba8549da2

Malware Config

Extracted

  • Family

    eternity

  • C2

    http://iqox575zftwvbkphhnbdxkg6pfrgcmeos3rebjwdt6ra2r73u5iq2jqd.onion

  • Attributes

    • payload_urls

      http://c.vinhall169.com/w.exe

      http://c.vinhall169.com/1.exe,https://d3.7-zip.org/a/7z2107-x64.exe

      http://iqox575zftwvbkphhnbdxkg6pfrgcmeos3rebjwdt6ra2r73u5iq2jqd.onion/shared/worm.exe

Targets

    • Detects Eternity worm

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials among other data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
