General

  • Target

    453547830b48abba823150cfadab2717f43153598dbba7595bfacc13196a7c2d

  • Size

    423KB

  • Sample

    220908-2zqgcagah7

  • MD5

    f37639060cdf9b426d38afa1a05375c6

  • SHA1

    08da192b66493852158e6393e30cc23d8ff54aa2

  • SHA256

    453547830b48abba823150cfadab2717f43153598dbba7595bfacc13196a7c2d

  • SHA512

    143fe1a1e26b0fb8f4cc785a425c9420795af0a5eff902f8b97910d6e88c830e20397f95a07773e1a229876fbe8a569abc4b260bb56ea318bf19b37191e1053d

  • SSDEEP

    6144:qq1VGlkatj2ER0u+GIIIIIIIhIIIIIIIIIIIIIIIU:d0txm5

Targets

    • Target

      453547830b48abba823150cfadab2717f43153598dbba7595bfacc13196a7c2d

    • Detects Eternity clipper

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext
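
The behaviours listed above, run as a small triage pass over constructed sandbox telemetry. This is an added example and not code from the report or from the sandbox that produced it. The event types, field names, the lookup-service host list and the drop-directory pattern are assumptions; the report's "Detects Eternity clipper" hit is a family detection that is not reproduced here, so the clipboard rule below is a behavioural stand-in (a wallet-looking string replaced by a different wallet-looking string written from another process).

```python
"""Triage constructed sandbox events against the behaviours in this report.

Added example, not report or sandbox code. Event shapes are assumptions
loosely modelled on Sysmon / API-monitor output.
"""
import re

# Address shapes a clipper typically swaps (assumption: BTC legacy/bech32, ETH).
ADDRESS_RE = re.compile(
    r"^(?:0x[0-9a-fA-F]{40}|[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,62})$"
)

# Legitimate IP-lookup services commonly abused to learn the victim's WAN IP
# (assumed list; extend from the sandbox's network log).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com",
                   "checkip.amazonaws.com"}

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE
)

# Where an unpacked second stage is usually written before execution (assumption).
DROP_DIR_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\AppData\\(?:Local|Roaming)\\", re.IGNORECASE
)


def triage(events):
    """Return the set of signature names triggered by an ordered event list."""
    hits = set()
    written = set()      # paths the sample wrote to disk (lower-cased)
    last_clip = None     # (pid, text) of the most recent clipboard write

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            written.add(ev["path"].lower())
        elif kind == "process_create":
            # Dropped EXE: executing something this run wrote, or something
            # living in a user-writable staging directory.
            if ev["image"].lower() in written or DROP_DIR_RE.match(ev["image"]):
                hits.add("Executes dropped EXE")
        elif kind == "registry_set":
            if RUN_KEY_RE.search(ev["key"]):
                hits.add("Adds Run key to start application")
        elif kind == "dns_query":
            if ev["query"].lower() in IP_LOOKUP_HOSTS:
                hits.add("Looks up external IP address via web service")
        elif kind == "api_call":
            # SetThreadContext on a thread of another process is the classic
            # hollowing / injection step; same-process use is normal debugging.
            if ev["api"] == "SetThreadContext" and ev.get("target_pid") != ev["pid"]:
                hits.add("Suspicious use of SetThreadContext")
        elif kind == "clipboard_set":
            text = ev["text"]
            if (last_clip is not None
                    and ev["pid"] != last_clip[0]
                    and text != last_clip[1]
                    and ADDRESS_RE.match(last_clip[1])
                    and ADDRESS_RE.match(text)):
                hits.add("Clipboard wallet address replaced (clipper behaviour)")
            last_clip = (ev["pid"], text)
    return hits


# Constructed event stream: one sample (pid 1000) dropping and running a
# second stage (pid 1001) that persists, geolocates, injects and clips.
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 1000,
     "path": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "process_create", "pid": 1001, "parent_pid": 1000,
     "image": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "registry_set", "pid": 1001,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "value": r"C:\Users\victim\AppData\Roaming\svc.exe"},
    {"type": "dns_query", "pid": 1001, "query": "api.ipify.org"},
    {"type": "api_call", "pid": 1001, "api": "SetThreadContext", "target_pid": 1002},
    # User (pid 500) copies a BTC address; the implant overwrites it.
    {"type": "clipboard_set", "pid": 500, "text": "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"},
    {"type": "clipboard_set", "pid": 1001, "text": "1Lbcfr7sAHTD9CgdQo3HTMTkV8LK4ZnX71"},
]

# Constructed benign stream: a user pasting ordinary text, no persistence.
BENIGN_EVENTS = [
    {"type": "clipboard_set", "pid": 500, "text": "meeting notes"},
    {"type": "clipboard_set", "pid": 500, "text": "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"},
    {"type": "api_call", "pid": 500, "api": "SetThreadContext", "target_pid": 500},
]

if __name__ == "__main__":
    for name in sorted(triage(SAMPLE_EVENTS)):
        print(name)
```

Feed it the sandbox's own event export after mapping fields onto the assumed shapes; the clipboard rule in particular needs the writing process identity, which most sandboxes record but not all exports keep.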
