eternity

General

Target

0x00070000000167ff-624.dat
Size

37KB
Sample

231210-3bpqksgcg9
MD5

9237b4d3f030fd05a7b28f296822a046
SHA1

6ba070343226c807fe5e8d959b2fc619cd568edb
SHA256

ff740b99b7815553a3d99d9ea7ed0261970a5131482a910fcc3d050a9d4ca6e7
SHA512

5467dc7296fe7ed9d90b0b3b7076845e141d900a8a82655ac74edf02854173d2a9e96124359c3cf2041c44f291746bae88237f47510ca678f9f022176f18d9d8
SSDEEP

768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

LiveTraffic

C2

77.105.132.87:6731

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes

payload_urls
https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Targets

- Target
  
  0x00070000000167ff-624.dat
- Size
  
  37KB
- MD5
  
  9237b4d3f030fd05a7b28f296822a046
- SHA1
  
  6ba070343226c807fe5e8d959b2fc619cd568edb
- SHA256
  
  ff740b99b7815553a3d99d9ea7ed0261970a5131482a910fcc3d050a9d4ca6e7
- SHA512
  
  5467dc7296fe7ed9d90b0b3b7076845e141d900a8a82655ac74edf02854173d2a9e96124359c3cf2041c44f291746bae88237f47510ca678f9f022176f18d9d8
- SSDEEP
  
  768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Score

10^/10

eternity glupteba redline smokeloader @oleh_ps livetraffic up3 backdoor dropper evasion infostealer loader trojan
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2