General

  • Size

    334KB

  • Sample

    220923-g7w9mshcgj

  • MD5

    126fe59c0f926132abfef83696fc9aac

  • SHA1

    c4f2047455d5f02af5ec8cf9644f8cd491fd7e46

  • SHA256

    fa2a334940cbe72ec5ac5fb691299d9964b6de2a778172c9b8d6738a9cdbd01b

  • SHA512

    36927d1d03463220057b1acd58a45dc9a6cf9f25d21652c35dc891125ce4da36807aea90548cf0a4dfc6c2e2c3ffab893fa2426831866182436d8242522549a5

Malware Config

Extracted

Family

eternity

C2

http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion

Targets

    • Target

      0x00090000000139f7-58.dat

    • Size

      334KB

    • MD5

      126fe59c0f926132abfef83696fc9aac

    • SHA1

      c4f2047455d5f02af5ec8cf9644f8cd491fd7e46

    • SHA256

      fa2a334940cbe72ec5ac5fb691299d9964b6de2a778172c9b8d6738a9cdbd01b

    • SHA512

      36927d1d03463220057b1acd58a45dc9a6cf9f25d21652c35dc891125ce4da36807aea90548cf0a4dfc6c2e2c3ffab893fa2426831866182436d8242522549a5

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation