General

  • Target

    7c0790ce5a7cfd7a3ab0af70a4766b7003bdf8eb2e366f5c74f609c57c34f4bb

  • Size

    1.7MB

  • Sample

    220802-ca7xnafecr

  • MD5

    579d28e50ecccfc10ead72711c9ea77a

  • SHA1

    ec16922366cf1f97d598b203608ea7ade90a8d85

  • SHA256

    7c0790ce5a7cfd7a3ab0af70a4766b7003bdf8eb2e366f5c74f609c57c34f4bb

  • SHA512

    8bd1e06c2720df9bbbc639983cc16f07ab7e37e236185e67c37e4a2131a3a3127dbf69e7ffa6f2b5316e606f1fb6a7742143fd5f432a63090760aafc02af2e44

Malware Config

Extracted

Family

eternity

C2

http://iqox575zftwvbkphhnbdxkg6pfrgcmeos3rebjwdt6ra2r73u5iq2jqd.onion

Attributes

  • payload_urls

    http://c.vinhall169.com/w.exe

    http://c.vinhall169.com/1.exe,https://d3.7-zip.org/a/7z2107-x64.exe

    http://iqox575zftwvbkphhnbdxkg6pfrgcmeos3rebjwdt6ra2r73u5iq2jqd.onion/shared/worm.exe

Targets

    • Detects Eternity worm

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

MITRE ATT&CK Enterprise v6

Tasks