General

  • Target

    Booking_026xls.exe

  • Size

    762KB

  • Sample

    230111-syfq3shc3t

  • MD5

    a585978049b92aae727e1194e57fe33b

  • SHA1

    fe4d4fa0fee1d7659a51bf7bc4cdb9eff1c8a091

  • SHA256

    bcb56d0fe856303e717cc5063013acebff9df5645629472ab2600248a604d0b9

  • SHA512

    de4f9a3c748ba8b82fb4cb2fa5f816317dc68aa632de26304d708037b9a1c65a55c5125b84ce42b5200438103ab3066f50064ba24c9c089c61f59ba0bcae1a18

  • SSDEEP

    12288:rzSgbiZU6XgScm6mTGL0YEW+VxEPW0jNM8WUFJVbqaT5SomZn0ZaHJBq6Tc9Vo:HSPXgVSTGLZEW+VyM8vb95bn8w

Malware Config

Extracted

  • Family

    eternity

  • C2

    http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

    • Target

      Booking_026xls.exe

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks