eternity | JaffaCakes118_9f87d14a9b58a6b91044aa1c28225f6d97b12a73a027f4a32f3d6d4e2be8fa48

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_9f87d14a9b58a6b91044aa1c28225f6d97b12a73a027f4a32f3d6d4e2be8fa48
Size

235KB
MD5

fd941b1c72ac6cf9d5974fc0f200b7bb
SHA1

9cafdd06f931ffb06b741b7e42259d77460b3d9c
SHA256

9f87d14a9b58a6b91044aa1c28225f6d97b12a73a027f4a32f3d6d4e2be8fa48
SHA512

1eb1b9be1adf3463e75d0dd73d76fd0497d831fb15a482e3297c1763552d9d24647e12cb9e30cb14aa5934e9a9ee0fa27743d3cfbb2a0dd539e7b53971292a4b
SSDEEP

6144:4wFbmmiLDzYhn+OzE20Q9kUVRulEs87lNh3/K19JcVd:4wsmiLIt5H0miEs87lrPK4Vd

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
static1/unpack001/dabf03c9a26775c251f857f1ed7c3b17e3bfb26bc50d75f135104270b5188067	eternity_stealer

Eternity family
eternity

Files

JaffaCakes118_9f87d14a9b58a6b91044aa1c28225f6d97b12a73a027f4a32f3d6d4e2be8fa48
.zip

Password: infected
dabf03c9a26775c251f857f1ed7c3b17e3bfb26bc50d75f135104270b5188067
.exe windows:4 windows x64 arch:x64

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:29

Not After

02-12-2021 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19-10-2011 18:41

Not After

19-10-2026 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:e0:7f:d3:87:58:a7:69:80:c6:fd:2f:2d:81:32:83:16:b1:a4:06:17:f7:71:b8:b2:ab:77:bd:ae:5a:31:af
Signer

Actual PE Digest

cc:e0:7f:d3:87:58:a7:69:80:c6:fd:2f:2d:81:32:83:16:b1:a4:06:17:f7:71:b8:b2:ab:77:bd:ae:5a:31:af

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:edCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

cc:e0:7f:d3:87:58:a7:69:80:c6:fd:2f:2d:81:32:83:16:b1:a4:06:17:f7:71:b8:b2:ab:77:bd:ae:5a:31:afSigner

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 216KB - Virtual size: 216KB

.rsrc Size: 6KB - Virtual size: 5KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

cc:e0:7f:d3:87:58:a7:69:80:c6:fd:2f:2d:81:32:83:16:b1:a4:06:17:f7:71:b8:b2:ab:77:bd:ae:5a:31:af
Signer

.text
Size: 216KB - Virtual size: 216KB

.rsrc
Size: 6KB - Virtual size: 5KB