General
-
Target
4cbcdf2f7b00b024c5e2a59bc4f41a4c8631c6459e1afa0a83f2b261fa74def8
-
Size
2.2MB
-
Sample
221122-jpctdshh4w
-
MD5
e2ce08aa7b23795d34d4fcc960663f05
-
SHA1
8fcc5510c9e43f5c8a12e8fa188d96f2351e64ca
-
SHA256
4cbcdf2f7b00b024c5e2a59bc4f41a4c8631c6459e1afa0a83f2b261fa74def8
-
SHA512
bf91e0faee1fdfdcebccf2c2868c2d84b74414aa0857c147da44acdd6108ba9fe703045c1acfd52723683a9ea2cb72b38a15b4eb31bea23220897131bf496e5d
-
SSDEEP
49152:B0mY7jteX4+g8Zi5/sTGGnd9cB1IPszdv6sX79RP1YIPTF:WmY7jtu4+g8IOV+vjRZ5PT
Static task
static1
Behavioral task
behavioral1
Sample
4cbcdf2f7b00b024c5e2a59bc4f41a4c8631c6459e1afa0a83f2b261fa74def8.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
4cbcdf2f7b00b024c5e2a59bc4f41a4c8631c6459e1afa0a83f2b261fa74def8.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
eternity
http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion
-
payload_urls
http://167.88.170.23/w99.exe
http://ndmit.com/test/501.exe,http://ndmit.com/test/star5.exe,http://ndmit.com/test/0079.exe
Targets
-
-
Target
4cbcdf2f7b00b024c5e2a59bc4f41a4c8631c6459e1afa0a83f2b261fa74def8
-
Size
2.2MB
-
MD5
e2ce08aa7b23795d34d4fcc960663f05
-
SHA1
8fcc5510c9e43f5c8a12e8fa188d96f2351e64ca
-
SHA256
4cbcdf2f7b00b024c5e2a59bc4f41a4c8631c6459e1afa0a83f2b261fa74def8
-
SHA512
bf91e0faee1fdfdcebccf2c2868c2d84b74414aa0857c147da44acdd6108ba9fe703045c1acfd52723683a9ea2cb72b38a15b4eb31bea23220897131bf496e5d
-
SSDEEP
49152:B0mY7jteX4+g8Zi5/sTGGnd9cB1IPszdv6sX79RP1YIPTF:WmY7jtu4+g8IOV+vjRZ5PT
Score10/10-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-