eternity

General

Target

0x0009000000015f2f-118.dat
Size

37KB
Sample

231211-aqv7pagbhp
MD5

996237863d95233cfd111dd78289932a
SHA1

6747ceb940678e230977dbc099ba77f3c42261ee
SHA256

4f88c75a87294206a034625faefc4330b00a7d179f34dc7f67c053277b8d2f35
SHA512

5946dbc5672f673e138285bcd716815a80f46ad4ea7e6ae3553094761831754108eb0e8f8ab29d3d5409564c81b426afa5c88647a64396bbc15a539ca842dee6
SSDEEP

768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX

Score

10^/10

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

LiveTraffic

C2

77.105.132.87:6731

Extracted

Family

redline

Botnet

@oleh_ps

C2

176.123.7.190:32927

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes

payload_urls
https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Extracted

Family

smokeloader

Version

2020

C2

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Targets

- Target
  
  0x0009000000015f2f-118.dat
- Size
  
  37KB
- MD5
  
  996237863d95233cfd111dd78289932a
- SHA1
  
  6747ceb940678e230977dbc099ba77f3c42261ee
- SHA256
  
  4f88c75a87294206a034625faefc4330b00a7d179f34dc7f67c053277b8d2f35
- SHA512
  
  5946dbc5672f673e138285bcd716815a80f46ad4ea7e6ae3553094761831754108eb0e8f8ab29d3d5409564c81b426afa5c88647a64396bbc15a539ca842dee6
- SSDEEP
  
  768:d8n3N4JRqwg8UTB+8zx70f0PSuopLwlFFWO7:dmN4JRrg8ypxSKFFX
Score

10^/10

eternity redline smokeloader @oleh_ps livetraffic up3 backdoor discovery infostealer spyware stealer trojan glupteba dropper loader
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Glupteba
  Glupteba is a modular loader written in Golang with various components.
  loader dropper glupteba
- Glupteba payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2