General
-
Target
file.exe
-
Size
911KB
-
Sample
221127-ww3plscf61
-
MD5
01eb600a30f772fc4728c582cdd2cf41
-
SHA1
e44dcfbce0e2e61fc1f35537af512130b42b09f4
-
SHA256
b1a709dfd66397a9bf376c286924c06e8b21e52137b83e936f36896560f62d24
-
SHA512
071e21bb6b56a688936c6ae0b59528655e0c0fda1f3dc638a4d165ed6823ab322a15cdb58142e8484cd895f8dc54fcfad74714327497e78f07fd63c28382b733
-
SSDEEP
24576:ZTCKy6iFR5hcuMz4PMTDsNIbR3iexC/bwsNxW8:ZTCKy6iFR5hcuMz4PMTgNIb08KW
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
Targets
-
-
Target
file.exe
-
Size
911KB
-
MD5
01eb600a30f772fc4728c582cdd2cf41
-
SHA1
e44dcfbce0e2e61fc1f35537af512130b42b09f4
-
SHA256
b1a709dfd66397a9bf376c286924c06e8b21e52137b83e936f36896560f62d24
-
SHA512
071e21bb6b56a688936c6ae0b59528655e0c0fda1f3dc638a4d165ed6823ab322a15cdb58142e8484cd895f8dc54fcfad74714327497e78f07fd63c28382b733
-
SSDEEP
24576:ZTCKy6iFR5hcuMz4PMTDsNIbR3iexC/bwsNxW8:ZTCKy6iFR5hcuMz4PMTgNIb08KW
Score10/10-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Executes dropped EXE
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-