General
Target: 666.exe
Size: 2.1MB
Sample: 220910-ncjtdsdfgj
MD5: a2415c70a55fc6411f9679a0cb5a9041
SHA1: d440db44a8ffe43111dacbc59edb7f1ff09e0fa9
SHA256: 4cb0b838560c4e859b8aa29c40fffde2f196a827eda7f69a2b766299651c50df
SHA512: 6dd023b3e0272d1314592e9050859c039fec7b3e8f7505f2750cffbc0c8156fe95ac8aac05ba5f4852ab5f37c0dfde6ba5af01fe277a640c51255ceabf1de784
SSDEEP: 24576:Gf0NGPPL8NvgPPeauBJlLjhVt1xSKMrKUsEDPRaAztFzdi8zu3T/5Yx6GM:G8N+bP7uDZRDU7DJaGFzdA3Tj
Static task: static1
Behavioral task: behavioral1 (Sample: 666.exe, Resource: win7-20220812-en)
Behavioral task: behavioral2 (Sample: 666.exe, Resource: win10v2004-20220812-en)
Malware Config
Extracted
eternity
http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion
Targets
Target: 666.exe
Score: 10/10
- Eternity: Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext