General
-
Target
Mortage information files PDF_parsed.exe
-
Size
512KB
-
Sample
221202-1ery1aah5w
-
MD5
7ed167098505af94bfeade11982b112e
-
SHA1
083a7280bb44d39e08cb4bb4d47d1ab5ace6fb0a
-
SHA256
1e9da999708729b12cf9b9e29c44d4a1968251f2b5a9b8882f2bf2627503731a
-
SHA512
4e22118885319443aeb90bbd6d896503d139e0204e34ebbf49c0f922454ac5b5a781adeee3564e561a23b52d69dac6cf872b2129d9aa4825384201da990145fb
-
SSDEEP
12288:s2zrXH5tH9a6OXEU2sxZReE5G6fuDp0P4ptTzGlKUh:jznHVOx2sVhGQPaM
Static task
static1
Behavioral task
behavioral1
Sample
Mortage information files PDF_parsed.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Mortage information files PDF_parsed.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
Targets
-
-
Target
Mortage information files PDF_parsed.exe
-
Size
512KB
-
MD5
7ed167098505af94bfeade11982b112e
-
SHA1
083a7280bb44d39e08cb4bb4d47d1ab5ace6fb0a
-
SHA256
1e9da999708729b12cf9b9e29c44d4a1968251f2b5a9b8882f2bf2627503731a
-
SHA512
4e22118885319443aeb90bbd6d896503d139e0204e34ebbf49c0f922454ac5b5a781adeee3564e561a23b52d69dac6cf872b2129d9aa4825384201da990145fb
-
SSDEEP
12288:s2zrXH5tH9a6OXEU2sxZReE5G6fuDp0P4ptTzGlKUh:jznHVOx2sVhGQPaM
Score10/10-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-