General

  • Target

    qiv1ow16wzuw.exe

  • Size

    667KB

  • Sample

    230411-vz78tsfe7z

  • MD5

    1125d277ccde4c5fea05e9b784107388

  • SHA1

    33a6701d158fdf233d9551d949fee2b1eefa31f4

  • SHA256

    156da573614eadb656348d9ac7af4de07134dd7e1f66cb2df40260a830b7b520

  • SHA512

    3c335773a982a6f652b8481a82d70983f4d7a64ea9a699c2fbf370413124770bcd6ee629057aa9478ba37125e88e2d8a68a1a50ade95c27722fcc631b4dee4ea

  • SSDEEP

    12288:33Qawb5sjSCPl2vco9e3T+crb0xCDb7+HNIFrgD7hz+hyfzoGln1lG:33QaQCjSCPlYMT+cP0sL+HNIFY7MUR/

Score
10/10

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

    • Target

      qiv1ow16wzuw.exe

    Score
    10/10
    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks