Extracted

Extracted

• • Target

    Output.exe

  • Size

    1.7MB

  • MD5

    4f24c94182a964c6706c1920a73822c0

  • SHA1

    5fd5f215270c5f7ff7828d8e1fe7e784094ae2f0

  • SHA256

    45afb3a562e84e75c19fe08404921b2c05900a6037f04d5aa61eca9ea7254ef3

  • SHA512

    d1f7d8b5b6f1f3464a2946b861bc7c919623ad3fddeb7899d546fae93f6d864fd614a88b043c46d990942eaf59076a72702ad17dca26b178c8312c75219ce1fd

  • SSDEEP

    49152:zsRpndZn496l3tGPHbbe2q6d5axY5zGbpSFUxTJ:zsRfZn4gVKeOwozwRv

  Score

  10^/10

  eternityvidar9bd43ccedb1e82a38795147b462c1fe9collectiondiscoverypersistencespywarestealer

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses 2FA software files, possible credential harvesting

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops desktop.ini file(s)

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2