General

- Target: tmp
- Size: 5.6MB
- Sample: 221115-gpyprafb58
- MD5: 6d5b82125021e8c5ecf314e77bd26db7
- SHA1: e0374c2bab3878c70e719e53c402b924ee132fce
- SHA256: 73d8f924ec20c7ff9696e69292e6beb063cd3e49e051aa5b5b4ae331eedc66ea
- SHA512: d4ce4eb0a48bae9a74c95af6992e481e94629aafa013cc4e30b18b50108a65cc37336c03ab64103a54e406878c747e40a7e546f076bc5c127e31aba55ecab7dc
- SSDEEP: 49152:/KUoniCNP2MgouBwqsLqhOTbkBTWDtLCXTTSlREARTrxU/wPP46Od9sk/IRUnqno:u43+PLk0bkBCEDWlbTrOwo6W3Jaw
Static task: static1
Behavioral task: behavioral1
Sample: tmp.exe
Resource: win7-20220812-en
Malware Config

Extracted: eternity
4BCCzZcSyS7L1229mxLRArhp2HPKwpBmHGDnZKnWFds856vvQcRiDSsLZWH2CjW6xigC3NSGE5Qq2gfixNyMMVc723mjiPs
- payload_urls: http://193.218.201.246/xmrig.exe
Targets

- Target: tmp (5.6MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- Eternity: Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
- XMRig Miner payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext