eternity | e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a | Triage

Sharing

General

Target

e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
Size

3.8MB
Sample

220920-2csm7aabdl
MD5

102d3fa40d97527969092a10edf227fa
SHA1

5c80cf703216391fd2eabfd726c433d721d16e2d
SHA256

e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
SHA512

fe3f974a7204bf0dc582cbc5fa274248fc3a493a7c538d59920f6ebc0777bda37d70d614ecdee05856aa00023e2904f7e130ee4ed4f3161035dc27a05f2f3201
SSDEEP

98304:gAaWLv99o6OGCyps4mFlHPqmHzUkUz3paWw:BLvOKWblV0wJ

Score

10^/10

eternity persistence

Malware Config

Extracted

Family

eternity

Attributes

payload_urls
http://178.20.44.214/edgedownload.exe

http://178.20.44.214/a.exe

Targets

- Target
  
  e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
- Size
  
  3.8MB
- MD5
  
  102d3fa40d97527969092a10edf227fa
- SHA1
  
  5c80cf703216391fd2eabfd726c433d721d16e2d
- SHA256
  
  e0806ec8b5ef5a9d9c59bddbf6c946320c345a5d54ed5b808170fd7967f3889a
- SHA512
  
  fe3f974a7204bf0dc582cbc5fa274248fc3a493a7c538d59920f6ebc0777bda37d70d614ecdee05856aa00023e2904f7e130ee4ed4f3161035dc27a05f2f3201
- SSDEEP
  
  98304:gAaWLv99o6OGCyps4mFlHPqmHzUkUz3paWw:BLvOKWblV0wJ
Score

10^/10

eternity persistence
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

eternitypersistence