General

  • Target

    a76c1125dacfbc3915da530751b42959.bin.exe

  • Size

    70KB

  • Sample

    230821-qy359sda82

  • MD5

    a76c1125dacfbc3915da530751b42959

  • SHA1

    5d7e45a1e91f30f69c585b85676c30969f7227de

  • SHA256

    9ab7986388ed985549037d1aa7663f59281f7babdaf9a5312e9653eefc88f7c0

  • SHA512

    f606b6280156d5de5ef19b9a24e32cacf871673b8474d3cedbdb59df94fbae41d855db4dde2e7aa97cde6c911408fe2fd9fa10ee0ec342f728371a01df4d40b5

  • SSDEEP

    768:GI8h1BxX3dkIoBQ+0fc246aVKyFVKR27z3mO9RQvrEa7xAy4C3XMcS+WRnK4w:f8vdkiCKy+u9RQvTA9rcS+5

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

    • Target

      a76c1125dacfbc3915da530751b42959.bin.exe

    • Size

      70KB

    • MD5

      a76c1125dacfbc3915da530751b42959

    • SHA1

      5d7e45a1e91f30f69c585b85676c30969f7227de

    • SHA256

      9ab7986388ed985549037d1aa7663f59281f7babdaf9a5312e9653eefc88f7c0

    • SHA512

      f606b6280156d5de5ef19b9a24e32cacf871673b8474d3cedbdb59df94fbae41d855db4dde2e7aa97cde6c911408fe2fd9fa10ee0ec342f728371a01df4d40b5

    • SSDEEP

      768:GI8h1BxX3dkIoBQ+0fc246aVKyFVKR27z3mO9RQvrEa7xAy4C3XMcS+WRnK4w:f8vdkiCKy+u9RQvTA9rcS+5

    • AsyncRat

      AsyncRAT is a remote access tool written in C#, designed to remotely monitor and control other computers.

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • LimeRAT

      Simple yet powerful RAT for Windows machines written in .NET.

    • Async RAT payload

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks