General
-
Target
fd64e524e0f85d83e28e36f15bcb4033b508abcb3695c02612f56e4122b8beb7
-
Size
3.1MB
-
Sample
220802-ca22eafecl
-
MD5
ead8e51539296698eae0e8d7d3f4443f
-
SHA1
e4a2ae0e6800c5aa4382eafb0f8985046d92022f
-
SHA256
fd64e524e0f85d83e28e36f15bcb4033b508abcb3695c02612f56e4122b8beb7
-
SHA512
20afb72fd5efe24fdedaa1403b66dc165afb497c3e48e1dad3d0719fd13cbb20e1bf4c9e060886c478569f1fe8892ca4cf2f91e2355e77409ff19d9ba8549da2
Behavioral task
behavioral1
Sample
fd64e524e0f85d83e28e36f15bcb4033b508abcb3695c02612f56e4122b8beb7.exe
Resource
win7-20220718-en
Malware Config
Extracted
eternity
http://iqox575zftwvbkphhnbdxkg6pfrgcmeos3rebjwdt6ra2r73u5iq2jqd.onion
-
payload_urls
http://c.vinhall169.com/w.exe
http://c.vinhall169.com/1.exe,https://d3.7-zip.org/a/7z2107-x64.exe
http://iqox575zftwvbkphhnbdxkg6pfrgcmeos3rebjwdt6ra2r73u5iq2jqd.onion/shared/worm.exe
Targets
-
Detects Eternity worm
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-