General

Target: aa0fcd6a-7e83-40be-bdaa-a81e626b9ffe.exe
Size: 3.3MB
Sample: 221127-jgwarsac98
MD5: cc5fcae70f636b3ffa04811e2a6153f7
SHA1: 3c1687cca2ffd48adf107e8eda1ffb06beb7ba7f
SHA256: 01156bec33d1378d38aa16ae6605d4766f20ac5f48c9bb2c0744457ff9de3102
SHA512: c63fc634a7c85d67000e25afd359a51aa0af4c259b7c4366fa4c05b2c844132cb459bc399098de2d5060dabadae91b8f1f889b4c6a5fd0a172d3f43e14d47c2b
SSDEEP: 98304:hHmVzuboSz63u94iSa7e1zLTdiVOiZMR+MJbZ5d:hH86qu94J1nTdiVOyMJbvd
Static task: static1
Behavioral task: behavioral1
Sample: aa0fcd6a-7e83-40be-bdaa-a81e626b9ffe.exe
Resource: win7-20220812-en
Malware Config

Extracted: eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

payload_urls:
- http://167.88.170.23/w993.exe
- http://167.88.170.23/s101.exe
- http://167.88.170.23/101.exe
- http://167.88.170.23/R101.exe
Targets

Target: aa0fcd6a-7e83-40be-bdaa-a81e626b9ffe.exe
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
- Looks for VirtualBox Guest Additions in registry
- Executes dropped EXE
- Looks for VMWare Tools registry key
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up the country code configured in the registry, likely used as a geofence.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext