General
-
Target
e7f968d64655db242cdc6330cf399c3b5e635b63b2ba734d5e2c2eee5986e9be.exe
-
Size
1.4MB
-
Sample
221111-vfykaaca2v
-
MD5
5903b4d5a7cbd5816d4a9128cb69570b
-
SHA1
2180d6f65a664f71c85762a3c4c5db7163b66c73
-
SHA256
e7f968d64655db242cdc6330cf399c3b5e635b63b2ba734d5e2c2eee5986e9be
-
SHA512
86b0b6c80562cfec59b73562ce37bc51cc49521f1e2feca728f172377c9f5b645e8e66dd99756c0aef86dfd1380d71ff2f51fd755839e6f3dcd5f063519a8b40
-
SSDEEP
24576:9jahaFL5GiByK/RMAs5WHi044+yO0VrVdvGUhdVlfNukuc5WEnzW/GC1eR9rmAzd:9+h2L5GiByK/+Azi04nyrVrnzblfkhgb
Static task
static1
Behavioral task
behavioral1
Sample
e7f968d64655db242cdc6330cf399c3b5e635b63b2ba734d5e2c2eee5986e9be.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e7f968d64655db242cdc6330cf399c3b5e635b63b2ba734d5e2c2eee5986e9be.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
-
payload_urls
https://raroford3242.xyz/myupdate.exe
https://raroford3242.xyz/Sklmsstregens.vbs, https://raroford3242.xyz/remcexecrypt.exe, https://raroford3242.xyz/redlcryp.exe, https://raroford3242.xyz/racoocry.exe
https://raroford3242.xyz/myupdate.exe
https://raroford3242.xyz/myupdate.exe
Targets
-
-
Target
e7f968d64655db242cdc6330cf399c3b5e635b63b2ba734d5e2c2eee5986e9be.exe
-
Size
1.4MB
-
MD5
5903b4d5a7cbd5816d4a9128cb69570b
-
SHA1
2180d6f65a664f71c85762a3c4c5db7163b66c73
-
SHA256
e7f968d64655db242cdc6330cf399c3b5e635b63b2ba734d5e2c2eee5986e9be
-
SHA512
86b0b6c80562cfec59b73562ce37bc51cc49521f1e2feca728f172377c9f5b645e8e66dd99756c0aef86dfd1380d71ff2f51fd755839e6f3dcd5f063519a8b40
-
SSDEEP
24576:9jahaFL5GiByK/RMAs5WHi044+yO0VrVdvGUhdVlfNukuc5WEnzW/GC1eR9rmAzd:9+h2L5GiByK/+Azi04nyrVrnzblfkhgb
Score10/10-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-