General

  • Target

    558ea422e0283f3095a967ed4a110cf6.exe

  • Size

    235KB

  • Sample

    230112-r2e4aaca7w

  • MD5

    558ea422e0283f3095a967ed4a110cf6

  • SHA1

    d8f12cf44472302cdbd5a20da98b8642cd4d969d

  • SHA256

    a6279d25928cec19391e8d352f9d68290a5150edc4f1524c0f425b38be12df17

  • SHA512

    cf1651dcd3e065cdf0c70f496b8fdc760a31494d2d2df29557a3937aee488af1faf8fdd0cc1d9010ee62c5f3369dc72eb378abc6f79f2982c8b1e104ad81cd04

  • SSDEEP

    6144:77wTTk35/d0uULoq33zA0SduVyB7mlIhWgG:77wq/SoCARuVyB7mleA

Malware Config

Extracted

Family

amadey

Version

3.65

C2

bitcoinpricealertexpert.com/8bmdh3Slb2/index.php

coindexalerter.com/8bmdh3Slb2/index.php

uniswapdataprice.com/8bmdh3Slb2/index.php

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Extracted

Family

aurora

C2

85.192.63.77:8081

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1062449960307654667/SGWLPTrKyuH7Zrjpn3EBCs7Hq0211pqiDqhIfvbI2fQsKn_x8_A8W0TPaxBBKAwWmtPN

Targets

    • Target

      558ea422e0283f3095a967ed4a110cf6.exe

    • Size

      235KB

    • MD5

      558ea422e0283f3095a967ed4a110cf6

    • SHA1

      d8f12cf44472302cdbd5a20da98b8642cd4d969d

    • SHA256

      a6279d25928cec19391e8d352f9d68290a5150edc4f1524c0f425b38be12df17

    • SHA512

      cf1651dcd3e065cdf0c70f496b8fdc760a31494d2d2df29557a3937aee488af1faf8fdd0cc1d9010ee62c5f3369dc72eb378abc6f79f2982c8b1e104ad81cd04

    • SSDEEP

      6144:77wTTk35/d0uULoq33zA0SduVyB7mlIhWgG:77wq/SoCARuVyB7mleA

    • Amadey

      Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    • Aurora

      Aurora is a crypto wallet stealer written in Golang.

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks