General

  • Target: 666.exe
  • Size: 2.1MB
  • Sample: 220910-ncjtdsdfgj
  • MD5: a2415c70a55fc6411f9679a0cb5a9041
  • SHA1: d440db44a8ffe43111dacbc59edb7f1ff09e0fa9
  • SHA256: 4cb0b838560c4e859b8aa29c40fffde2f196a827eda7f69a2b766299651c50df
  • SHA512: 6dd023b3e0272d1314592e9050859c039fec7b3e8f7505f2750cffbc0c8156fe95ac8aac05ba5f4852ab5f37c0dfde6ba5af01fe277a640c51255ceabf1de784
  • SSDEEP: 24576:Gf0NGPPL8NvgPPeauBJlLjhVt1xSKMrKUsEDPRaAztFzdi8zu3T/5Yx6GM:G8N+bP7uDZRDU7DJaGFzdA3Tj

Score
10/10

Malware Config

Extracted

  • Family: eternity
  • C2: http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion

Targets

    • Target: 666.exe (2.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)

    Score
    10/10

    Signatures

    • Eternity
      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Loads dropped DLL
    • Uses the VBS compiler for execution
    • Accesses Microsoft Outlook profiles
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP address.
    • Suspicious use of SetThreadContext
