General
Target: tmp
Size: 5.6MB
Sample: 221115-glwqzsbe71
MD5: c5ffb5f4c680fb5d2058b9ceb91bde35
SHA1: cd1e0ca1b84b046321d673b407989ffadfa594a7
SHA256: 5cfd06074db0ce6e91f2ab7bdd8e927d283d7b828900ad130ed882d2c736903a
SHA512: ae52ffacb03ea319015e10a587139b4e3fed11f528027f7dab9323dc820b82e8b68ff8bdd7d657a304ceced529aef021574381ee06c7712daf0692c06d5e7d7d
SSDEEP: 49152:nTjTA3G0ZNEfFf/u95P3HU7BHpJnbVa8ZTVs/BHywaad9sk/IRUnqnY48UzjcJ:nTeG07+FkNXUZpJnBlcywaK3Jaw
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220812-en
Malware Config
Extracted: eternity
Targets
Target: tmp
Detects Eternity clipper
Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Deletes itself
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
Suspicious use of SetThreadContext