General
Target: 3C16B60156F99FD71FB8E5D03D3AB0DB7B3A32B7279D2095DA22A756543BF46A
Size: 238KB
Sample: 221208-ye4lpaeb3y
MD5: d8d436c63f793b9c7c409313c1a77116
SHA1: e000cdcdfc63074124c1315c3cfa8a100b128e9d
SHA256: 3c16b60156f99fd71fb8e5d03d3ab0db7b3a32b7279d2095da22a756543bf46a
SHA512: fcf33368c92ba431e3d3bf0f6df557b423cdd647bf8d5e6b26d24dcde7f9a890978b40b6bed29a354ec8c15c3247daaf450d156fb2ffb5742ff646c8b4e7102f
SSDEEP: 6144:GYOTFKIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERw9/c26pnBif07WbkPOvpmA8J:K1baoC
Static task: static1
Behavioral task: behavioral1
  Sample: BPL_100332_063.exe
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: BPL_100332_063.exe
  Resource: win10v2004-20220812-en
Malware Config
Extracted: eternity
http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion
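The extracted address above is a v3 onion service name, and v3 names carry their own integrity check: the 56-character label is base32 over a 32-byte Ed25519 public key, a 2-byte checksum and a version byte (0x03), with the checksum defined by Tor as the first two bytes of SHA3-256(".onion checksum" || pubkey || version). The Python below is an added example, not part of the sandbox report or of the Eternity toolkit; it decodes the address and recomputes that checksum, which is a cheap way to catch a mistranscribed IOC before it reaches a blocklist. The only input it uses is the URL from the report; hashlib.sha3_256 is in the Python standard library.

```python
import base64
import hashlib

# C2 URL exactly as extracted in the report (the only non-constructed input).
ETERNITY_C2 = "http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion"

ONION_V3_LEN = 56  # base32 of 32-byte pubkey + 2-byte checksum + 1-byte version = 35 bytes


def onion_host(url):
    """Strip scheme, path and port, returning the bare hostname in lowercase."""
    host = url.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return host.lower()


def parse_onion_v3(url):
    """Decode a v3 onion hostname and verify its checksum the way Tor does.

    Layout (Tor rendezvous spec v3): base32(PUBKEY || CHECKSUM || VERSION)
    where CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2].
    Raises ValueError for anything that is not shaped like a v3 address.
    """
    host = onion_host(url)
    if not host.endswith(".onion"):
        raise ValueError("not an .onion hostname: %r" % host)
    label = host[: -len(".onion")]
    if len(label) != ONION_V3_LEN:
        raise ValueError("v3 onion label must be %d chars, got %d" % (ONION_V3_LEN, len(label)))
    raw = base64.b32decode(label.upper())  # b32decode wants uppercase; 56 chars -> 35 bytes
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34]
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + bytes([version])).digest()[:2]
    return {
        "host": host,
        "pubkey_hex": pubkey.hex(),
        "version": version,
        "checksum_ok": checksum == expected,
    }


if __name__ == "__main__":
    info = parse_onion_v3(ETERNITY_C2)
    print("host:        ", info["host"])
    print("version:     ", info["version"])
    print("pubkey:      ", info["pubkey_hex"])
    print("checksum ok: ", info["checksum_ok"])
```

A checksum failure on an address copied out of a report usually means a dropped or swapped character rather than a bad extraction by the sandbox, so this check belongs in the IOC pipeline before, not after, the indicator is shared.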
Targets
Target: BPL_100332_063.exe
Size: 186KB
MD5: 1dc08e9d37cb4471febeeac372fd8eb3
SHA1: 957ca47bc57d060eadc10ba398502579f7d95739
SHA256: ebb8daca0f8313047a111e04e7a7cc7bac4566a3e0f3900b2b78af2b316b0b39
SHA512: 0231bba86d283d96001d7fb9bb236f51f9c661ee51d5880e1a22e37d2fd3340ebe3d542cb99e30763b7310bdb9d01dc493b9bae0215f900522f4d07699bedd90
SSDEEP: 3072:4Dkr2mOTVSUXKIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERwOI/c26pnBif07Wbn:oYOTFKIihzjv1Lx4NNCQe55USsOh0QF7
Score: 10/10
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
Executes dropped EXE
Checks computer location settings
  Looks up the country code configured in the registry, likely as a geofence.
Loads dropped DLL
Accesses Microsoft Outlook profiles
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext
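Every cryptographic hash of the 238KB submission and the 186KB BPL_100332_063.exe differs, yet their SSDEEP strings share a long run, which is what lets a fuzzy-hash pivot tie the two together. ssdeep only compares chunks computed at the same block size, so with block sizes 6144 and 3072 the relevant pair is the doubled chunk of the 3072 hash against the base chunk of the 6144 hash. The Python below is an added example, not part of the report or of any ssdeep distribution: it parses both strings, selects the chunk pair ssdeep would compare, and reports the longest shared run against ssdeep's seven-character gate (no common 7-gram, no match). The only inputs are the two SSDEEP strings from the report. It does not reproduce ssdeep's edit-distance score; use the ssdeep tool or the python-ssdeep binding for that.

```python
# SSDEEP strings copied from the report (submitted file and BPL_100332_063.exe).
SSDEEP_SUBMITTED = "6144:GYOTFKIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERw9/c26pnBif07WbkPOvpmA8J:K1baoC"
SSDEEP_DROPPED = "3072:4Dkr2mOTVSUXKIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERwOI/c26pnBif07Wbn:oYOTFKIihzjv1Lx4NNCQe55USsOh0QF7"

MIN_COMMON = 7  # ssdeep's rolling window: no shared 7-gram means a score of 0


def parse_ssdeep(s):
    """Split 'blocksize:chunk:double_chunk' into (int, str, str)."""
    bs, chunk, double = s.split(":", 2)
    return int(bs), chunk, double


def longest_common_substring(a, b):
    """Dynamic-programming longest common substring; returns '' if none."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def comparable_chunks(h1, h2):
    """Return the (chunk1, chunk2, blocksize) pairs ssdeep would compare.

    Chunks are only comparable at equal block sizes: for sizes b and 2b the
    doubled chunk of the smaller-block hash is matched against the base chunk
    of the larger-block hash. Any other ratio yields no comparable pair.
    """
    bs1, c1, d1 = parse_ssdeep(h1)
    bs2, c2, d2 = parse_ssdeep(h2)
    if bs1 == bs2:
        return [(c1, c2, bs1), (d1, d2, bs1 * 2)]
    if bs1 == bs2 * 2:
        return [(c1, d2, bs1)]
    if bs2 == bs1 * 2:
        return [(d1, c2, bs2)]
    return []


def ssdeep_overlap(h1, h2):
    """For each comparable chunk pair, report the longest shared run and whether
    it clears ssdeep's 7-gram gate (i.e. whether ssdeep could score it above 0)."""
    results = []
    for c1, c2, bs in comparable_chunks(h1, h2):
        common = longest_common_substring(c1, c2)
        results.append({"blocksize": bs, "common": common, "would_match": len(common) >= MIN_COMMON})
    return results


if __name__ == "__main__":
    for r in ssdeep_overlap(SSDEEP_SUBMITTED, SSDEEP_DROPPED):
        print("blocksize %d: %d shared chars (%s) -> ssdeep would %smatch"
              % (r["blocksize"], len(r["common"]), r["common"], "" if r["would_match"] else "not "))
```

The visible overlap between the 3072 base chunk ("...KIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERw...") and the 6144 base chunk of the submission is real but is not what ssdeep compares, since those chunks were computed at different block sizes; the pair that counts is the 6144 one above. A shared run this long almost always means the same packer stub or embedded payload, so the 186KB file should be triaged as a variant of the submission rather than as an unrelated drop.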