Behavioral task
behavioral1
Sample
4936-193-0x0000000000400000-0x0000000000552000-memory.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
4936-193-0x0000000000400000-0x0000000000552000-memory.exe
Resource
win10v2004-20220812-en
General
-
Target
4936-193-0x0000000000400000-0x0000000000552000-memory.dmp
-
Size
1.3MB
-
MD5
871d2abf9d28b5ee24ebe16e0665b991
-
SHA1
c0116871d38099b128f5a9949075ba0af6840769
-
SHA256
4a781fd4926f9ba0fc646bd1421cf9dbd2d25ba829b903f197eea09d7067e0d9
-
SHA512
6213ee12234a8c8b0589c8bd118dae4a3fccd3975b9fc8ce255ebbee1006b6420895cf013023c7cfc603e47ae2bcbd4852a41af638cc9d6da701a42b36bf12f4
-
SSDEEP
24576:fpkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxY:fWHZ5MMpoJOp+MIVai7Tq24GjdGS
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
-
payload_urls
https://filebin.net/vpaua0vl4owt9i0o/myupdate.exe
https://filebin.net/vpaua0vl4owt9i0o/Sklmsstregens.vbs, https://filebin.net/vpaua0vl4owt9i0o/remcexecrypt.exe, https://filebin.net/vpaua0vl4owt9i0o/racoocry.exe, https://filebin.net/vpaua0vl4owt9i0o/redlcryp.exe
https://filebin.net/vpaua0vl4owt9i0o/myupdate.exe
https://filebin.net/vpaua0vl4owt9i0o/myupdate.exe
Signatures
-
Eternity family
Files
-
4936-193-0x0000000000400000-0x0000000000552000-memory.dmp.exe windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ