General
- Target: cryp.exe
- Size: 7KB
- Sample: 220910-edgwradccm
- MD5: a1f047d0fedbc2e3f5761e55231ac017
- SHA1: 90471b46e6b176a9bc707f503f73453c15c6d214
- SHA256: 8b0ea57ade5bfaed72798a9363c572da765e6014d5baeb667f4804525ae851bd
- SHA512: 16ed0cbac2229c541896403803f8ada8a48cba8c982c29d2fcd208ce7128710997cb0ea22ca1197f409bb9a2b38dc68c1baf7db6593d38f7a88a98589f92ac83
- SSDEEP: 96:34I2unjKp7Y5DkYoCYNiESNfWNsn8WEmO8qQuD1oCbyRTq8Q4tX32hWN3QU:34Mup7iDkYDxNeNejEmO8q7xlbuTXfY
Static task: static1
Behavioral task: behavioral1
- Sample: cryp.exe
- Resource: win7-20220812-en

Malware Config
- Extracted: eternity
- C2: http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion
Targets
- Target: cryp.exe
- Eternity: Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
- Process spawned unexpected child process: this typically indicates the parent process was compromised via an exploit or macro.
- Downloads MZ/PE file
- Executes dropped EXE
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger