eternity

General

Target

11ba26c3e43e06c31802a613807bc0aa.exe
Size

37KB
Sample

231211-agavdshca6
MD5

11ba26c3e43e06c31802a613807bc0aa
SHA1

7f4b52473575f1b58a158fdb2c4adc5cdb40a338
SHA256

8fa6f659cc7a07a1769348ce2cea171dd5d9877f26167bae676a951a9275c87a
SHA512

f1ff3be21973b5cee9012ebe4b95118edb1c7e601450730dc83f513aa85bddc9ede7a2a2aadb5fb678b7336366b5308a9fb272b7752af36c41dd152da943cc7f
SSDEEP

768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

LiveTraffic

C2

77.105.132.87:6731

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes

payload_urls
https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Targets

- Target
  
  11ba26c3e43e06c31802a613807bc0aa.exe
- Size
  
  37KB
- MD5
  
  11ba26c3e43e06c31802a613807bc0aa
- SHA1
  
  7f4b52473575f1b58a158fdb2c4adc5cdb40a338
- SHA256
  
  8fa6f659cc7a07a1769348ce2cea171dd5d9877f26167bae676a951a9275c87a
- SHA512
  
  f1ff3be21973b5cee9012ebe4b95118edb1c7e601450730dc83f513aa85bddc9ede7a2a2aadb5fb678b7336366b5308a9fb272b7752af36c41dd152da943cc7f
- SSDEEP
  
  768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Score

10^/10

eternity redline smokeloader @oleh_ps livetraffic up3 backdoor discovery evasion infostealer spyware stealer trojan lumma themida upx
- Detect Lumma Stealer payload V4
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Lumma Stealer
  An infostealer written in C++ first seen in August 2022.
  stealer lumma
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2