General
-
Target
file.exe
-
Size
10.0MB
-
Sample
221117-lrmgqaeb27
-
MD5
71438bae518e4e312e1f6617ee0b268b
-
SHA1
744f042e3b251786d7d15c960b93d7da83f75773
-
SHA256
2e0407e923bff9826e61900e5c1addaf13e226564796527e83bc0384adb16ec8
-
SHA512
6128bcdaf3006757b3a7f13f30bb07c91ade97214807e56f15df0fc20b4d45b44a0ba5cb73140aec9c6c5f4eb596219c9e5f897cccd07de6447780a6e677adaf
-
SSDEEP
24576:LvtObzeG41/7E6E9h1hqmS10mSVBojjIY+SzsS:hOWVpX8V+48zsS
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
41r3LwMnez561bPJdamkzFfVoUJhmJQjHXSGz2e1Cb8xBCgvvSN36REatA7Ayn2GubDXyE2SQsar4LJDTAr8DnwPSmViy7o
1NSf3HSaEVJQv82Wg1Dxwrq8vksbXk1Uz9
0x5296E7a3aBa03B60e9ab2fF31Bc4Bda5C4306E70
0x5296E7a3aBa03B60e9ab2fF31Bc4Bda5C4306E70
0x5296E7a3aBa03B60e9ab2fF31Bc4Bda5C4306E70
0x5296E7a3aBa03B60e9ab2fF31Bc4Bda5C4306E70
0x5296E7a3aBa03B60e9ab2fF31Bc4Bda5C4306E70
D8JaQ1S56v9q1PYvgiMSiJKcpr62rzNmPP
TGPdhxdT1AdFBy9ojeACoPDhGG9BJsDRcG
t1V7NEnYmdnGVMFE7nLmW9r1DxnvBdZEcuu
XpTXPMSoGXwsHWs1h9fnUTDo2HfJbXyzqk
Targets
-
-
Target
file.exe
-
Size
10.0MB
-
MD5
71438bae518e4e312e1f6617ee0b268b
-
SHA1
744f042e3b251786d7d15c960b93d7da83f75773
-
SHA256
2e0407e923bff9826e61900e5c1addaf13e226564796527e83bc0384adb16ec8
-
SHA512
6128bcdaf3006757b3a7f13f30bb07c91ade97214807e56f15df0fc20b4d45b44a0ba5cb73140aec9c6c5f4eb596219c9e5f897cccd07de6447780a6e677adaf
-
SSDEEP
24576:LvtObzeG41/7E6E9h1hqmS10mSVBojjIY+SzsS:hOWVpX8V+48zsS
Score10/10-
Detects Eternity clipper
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-