General
Target: 8ac70bc77a6c673a7c54af110c69dfd1bbeab11c6ce3f2daf3a4a7f9082aa2ce
Size: 252KB
Sample: 221116-e9jp8ahb73
MD5: 04175e2b3025617dbbe198cec70e3c10
SHA1: 3e27350b3b8b72419477d0135cee9a534ee0bfb5
SHA256: 8ac70bc77a6c673a7c54af110c69dfd1bbeab11c6ce3f2daf3a4a7f9082aa2ce
SHA512: f9e13af39449121ae41d8dc919cac00a313c7f0578e895e952c1271a7263f67b808f056fa557c8661589aed8c223ea2fd982f072f355f6c06b9583a718109647
SSDEEP: 3072:fDR3u58ED15MyMdQlTtGQvPePwvnsmR026Drd+NIt03CT/zSGwXfN/TPdYlvRqdS:VcZAST48owMTiIcbGwPNOt6
Static task: static1
Behavioral task: behavioral1
Sample: 8ac70bc77a6c673a7c54af110c69dfd1bbeab11c6ce3f2daf3a4a7f9082aa2ce.exe
Resource: win10-20220812-en
Malware Config
Extracted: eternity
  http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
Extracted: raccoon
  dc575a13050638a6
Extracted: raccoon
  d8f44b07b06da3a90ad87ebc9249718c
  http://79.137.205.87/
Targets
Target: 8ac70bc77a6c673a7c54af110c69dfd1bbeab11c6ce3f2daf3a4a7f9082aa2ce (size and hashes identical to the General section above)
- Detect Amadey credential stealer module
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
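As an added example, not part of the sandbox report and not the sandbox's own signature logic, the Python below turns the report's indicators and behavioural signatures into checks a responder can run against their own data: it computes the MD5/SHA1/SHA256 digests the report lists and tells you which match a file, and it maps simplified Sysmon-style host events onto the "Adds Run key", "Checks installed software", "Downloads MZ/PE file" and "Looks up external IP address" signatures plus contact with the hosts from the Malware Config section. The hashes and the onion/IP hosts are copied from the report; the registry paths, the list of IP-lookup services, the event shape and the sample events are assumptions, and the sample events are constructed, not taken from the report's run.

```python
import hashlib
import re

# Hashes of the sample as listed in the report's General section.
SAMPLE_HASHES = {
    "md5": "04175e2b3025617dbbe198cec70e3c10",
    "sha1": "3e27350b3b8b72419477d0135cee9a534ee0bfb5",
    "sha256": "8ac70bc77a6c673a7c54af110c69dfd1bbeab11c6ce3f2daf3a4a7f9082aa2ce",
}

# Hosts taken from the Malware Config section, treated here as C2 endpoints.
C2_HOSTS = {
    "eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion",  # eternity
    "79.137.205.87",                                                    # raccoon
}

# Assumed: the registry locations behind the "Adds Run key" and "Checks installed
# software" signatures. The report names the behaviour, not the exact key path.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)

# Assumed: common public IP-lookup services; the report does not say which one was used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "icanhazip.com", "ip-api.com"}


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def hash_matches(data: bytes) -> list:
    """Return the names of the report's hashes that match the given file bytes."""
    digests = file_hashes(data)
    return [alg for alg, expected in SAMPLE_HASHES.items() if digests[alg] == expected]


def analyse_events(events: list) -> list:
    """Map simplified Sysmon-style events onto the behaviours named in the report.

    Returns (signature, event) pairs; an event triggers at most one rule.
    """
    hits = []
    for ev in events:
        kind = ev["type"]
        if kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            hits.append(("Adds Run key to start application", ev))
        elif kind == "registry_query" and UNINSTALL_KEY_RE.search(ev["key"]):
            hits.append(("Checks installed software on the system", ev))
        elif kind == "network" and ev["host"] in C2_HOSTS:
            hits.append(("Contacts host from Malware Config", ev))
        elif kind == "network" and ev["host"] in IP_LOOKUP_HOSTS:
            hits.append(("Looks up external IP address via web service", ev))
        elif kind == "file_write" and ev["data"][:2] == b"MZ":  # PE files start with "MZ"
            hits.append(("Downloads MZ/PE file", ev))
    return hits


def triggered_signatures(events: list) -> list:
    """Distinct signature names, in first-seen order."""
    return list(dict.fromkeys(sig for sig, _ in analyse_events(events)))


# Constructed telemetry for one process (pid 4128) plus one benign event; not from the report's run.
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 4128, "path": r"C:\Users\Public\payload.exe", "data": b"MZ\x90\x00\x03\x00"},
    {"type": "registry_set", "pid": 4128, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\Public\payload.exe"},
    {"type": "registry_query", "pid": 4128, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"type": "network", "pid": 4128, "host": "api.ipify.org", "port": 443},
    {"type": "network", "pid": 4128, "host": "79.137.205.87", "port": 80},
    {"type": "network", "pid": 1200, "host": "www.microsoft.com", "port": 443},  # benign, should not fire
]

if __name__ == "__main__":
    for sig, ev in analyse_events(SAMPLE_EVENTS):
        print(f"[{sig}] pid={ev['pid']} {ev.get('key') or ev.get('host') or ev.get('path')}")
    print("hash matches for a dummy blob:", hash_matches(b"not the sample"))
```

The hash check is exact-match only; the SSDEEP value in the report is a fuzzy hash and needs an ssdeep-compatible library to compare against repacked variants, which this example deliberately leaves out. The onion host will only appear in telemetry that sees inside the Tor client (for example a proxy or EDR hooking the process), so on most networks the 79.137.205.87 IP is the usable network indicator.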