General
-
Target
c6fbb7022c7beb3b4c840cb4d46b35f237a29ef70d6c400e673eedc55698d3c4
-
Size
1.9MB
-
Sample
231124-lbkcesad4t
-
MD5
b483c722d53182cb7b35e0604b6603c7
-
SHA1
821a586245f977e3a6d2aae29c7a262c080cb5a2
-
SHA256
c6fbb7022c7beb3b4c840cb4d46b35f237a29ef70d6c400e673eedc55698d3c4
-
SHA512
efe2bc96cce1802c74277d72cd848b3c4a275bb5a1537ec59d1dc9b9a4ad60b6e733f14404d7cd07b479a8018a3872eb924befbd25256764d8f10f583a86372e
-
SSDEEP
49152:vmMEPx6vQA7b0IyUWN/vgy0j3c6Byf1gTT:hHQAXtyBN/R0TE2X
Malware Config
Extracted
eternity
http://izrukvro5khcol3z7cvvdq3akeunlod2gshgn7ppo3a4jvse3z5hpiyd.onion
Targets
-
-
Target
c6fbb7022c7beb3b4c840cb4d46b35f237a29ef70d6c400e673eedc55698d3c4
-
Size
1.9MB
-
MD5
b483c722d53182cb7b35e0604b6603c7
-
SHA1
821a586245f977e3a6d2aae29c7a262c080cb5a2
-
SHA256
c6fbb7022c7beb3b4c840cb4d46b35f237a29ef70d6c400e673eedc55698d3c4
-
SHA512
efe2bc96cce1802c74277d72cd848b3c4a275bb5a1537ec59d1dc9b9a4ad60b6e733f14404d7cd07b479a8018a3872eb924befbd25256764d8f10f583a86372e
-
SSDEEP
49152:vmMEPx6vQA7b0IyUWN/vgy0j3c6Byf1gTT:hHQAXtyBN/R0TE2X
Score10/10-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses Microsoft Outlook profiles
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-