eternity | e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

winprofile

windows7-x64

5

winprofile

windows10-1703-x64

Sharing

General

Target

e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
Size

3.8MB
Sample

220920-2csm7aabdl
MD5

102d3fa40d97527969092a10edf227fa
SHA1

5c80cf703216391fd2eabfd726c433d721d16e2d
SHA256

e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
SHA512

fe3f974a7204bf0dc582cbc5fa274248fc3a493a7c538d59920f6ebc0777bda37d70d614ecdee05856aa00023e2904f7e130ee4ed4f3161035dc27a05f2f3201
SSDEEP

98304:gAaWLv99o6OGCyps4mFlHPqmHzUkUz3paWw:BLvOKWblV0wJ

Score

10^/10

eternity persistence

Static task

static1

Behavioral task

behavioral1

Sample

e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a.exe

Resource

win7-20220901-en

windows7-x64

3 signatures

300 seconds

Behavioral task

behavioral2

Sample

e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a.exe

Resource

win10-20220812-en

eternity persistence

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Extracted

Family

eternity

Attributes

payload_urls
http://178.20.44.214/edgedownload.exe

http://178.20.44.214/a.exe

Targets

- Target
  
  e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
- Size
  
  3.8MB
- MD5
  
  102d3fa40d97527969092a10edf227fa
- SHA1
  
  5c80cf703216391fd2eabfd726c433d721d16e2d
- SHA256
  
  e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
- SHA512
  
  fe3f974a7204bf0dc582cbc5fa274248fc3a493a7c538d59920f6ebc0777bda37d70d614ecdee05856aa00023e2904f7e130ee4ed4f3161035dc27a05f2f3201
- SSDEEP
  
  98304:gAaWLv99o6OGCyps4mFlHPqmHzUkUz3paWw:BLvOKWblV0wJ
Score

10^/10

eternity persistence
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

eternitypersistence

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.