Overview

overview

10

Static

static

10

Clipper.exe

windows7-x64

10

Clipper.exe

windows10-2004-x64

10

Miner.exe

windows7-x64

10

Miner.exe

windows10-2004-x64

10

Rat.exe

windows7-x64

10

Rat.exe

windows10-2004-x64

10

Stealer.exe

windows7-x64

10

Stealer.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2023 22:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Clipper.exe

  • Size

    36KB

  • MD5

    a8336c9284c9ef94e43c872a9d851745

  • SHA1

    ddeab3f743a27717697ce67b1efc5ddc9f6f23e9

  • SHA256

    160ffdb97712c84d3e7dca1e26924d48cd92afb6c21665df8912cae81cc91d9b

  • SHA512

    04a7c409c202ff182c8fef28b8bf0dfa1cda362e77940d2c163b5011dfb9980c8221d3caeceb2c4989683f53cb1de910a9b8bcf0ddd5a5d07dcdb7050b4fd68a

  • SSDEEP

    768:qn3vh2w5xJC2KnNfV8od6cZT5pRkLAgSbX6z:q3vtjaVF5p6LQqz

Score
10/10
eternityclipper

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Wallets

44CXkMKGjDvF7no7BaqUNug1jfk2HbibZVTq5QyxtBndGrGhNCSujURPfPuAF81QPKCg2ircpyCKcQkYLR1hsZsQRtnUJxN

1C4hJT5n1tSiGKWup67DAiJdVv6GhjdN7k

bitcoincash:qp7cvk9y54wavs7ymyxs6dg7dsr4jyww3gl7l0u2qu

0x4B2924cc68f9920179ae27423d1b1AFdF1278a16

DMjAHewovYwGUbBRDjLXcBmRF1zdHHixs1

TM5P1JHRL7B6qRLhu1ETn3Fevhjrr4dS8E

LLUBUSsFjwFVyn66kDy5BjumSuQ2Kr76hR

rKGztQSkFyn5wfPg5Bg6JhXKMnRx2pCyDN

t1dmAv1SZBcsbJUpCHN5TEFNUZdGEjTq8o4

Xvm7enX3tAp3Z8xioepTajnCet8FVWMHV7

GC56QYDSZEO3P353Y7FA4YTLGX7YNMQQ7XGZ7O67RTKN7MLGCXCBIEEM

bnb1ydrtrn5fn0ymphv4mc9n2yes6pjhgxnyj5yd7x

2JC8emeKdhgzT8N8m1m6afvAgagAnp8Xpkvcnk6wNKdn

F2J7WG7RTUAEC7JMTB2GNJ2XS3E5UCBBW2R6MBLWUDKINF5ZF7YQ2WBHNA

Signatures

  • Detects Eternity clipper 2 IoCs
    clipper
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Clipper.exe
    "C:\Users\Admin\AppData\Local\Temp\Clipper.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of AdjustPrivilegeToken
    PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2764-0-0x0000000074840000-0x0000000074F2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2764-1-0x0000000000F50000-0x0000000000F60000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2764-2-0x0000000000A00000-0x0000000000A40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2764-3-0x0000000074840000-0x0000000074F2E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2764-4-0x0000000000A00000-0x0000000000A40000-memory.dmp

    Filesize

    256KB

    Download