General

  • Target

    7f69f2fe22dfaa47d7fdb7dd3a78b6feae38ea490dc2b81b7d044cd64836429b

  • Size

    532KB

  • Sample

    220824-179phscgc6

  • MD5

    a18b2b6648a6e116fb85974ed5b174eb

  • SHA1

    2335736ebb5b727dd221adaaf4a6e319d54650c1

  • SHA256

    7f69f2fe22dfaa47d7fdb7dd3a78b6feae38ea490dc2b81b7d044cd64836429b

  • SHA512

    179c9a08696e37c4d5b46b8e5195edee16d93098f2f400cd4312a2879edc149fb3472b1bb6e50bd3022cd88074950fea369c93a54d25e2d05842add78e9ade9e

  • SSDEEP

    12288:J7EaM88A/SFXR2i8u+kkXdXoDzXQfYw4wunnq:lP/KpR2pL5XtoDDQf4bq

Malware Config

Extracted

Family

eternity

C2

http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion

Targets

    • Detects Eternity clipper

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
