eternity | e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729
Size

5.9MB
Sample

220920-2ctkgsabdm
MD5

77bf70f8c1da395f912d51fff3e6b18a
SHA1

b43ba34649de3f6a1371d50cfe54f81e1fbf23f4
SHA256

e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729
SHA512

07b53ffe3ead2b151c17c97c1af025bf81313cd26e92f73508680ca7c273c1494de0f36ca7038ae9c39c74395cf1c36daa5fa2ba051058b17f08cac85bb7550d
SSDEEP

98304:MyPKcjUaampDA4HZpEkEno6DxWd9NadL+++zMap5Eiyao6UTzm9gFJFjH:zicdampfHZ6fo6DxLu/p5EiC6U2qfF

Score

10^/10

eternity collection

Static task

static1

Behavioral task

behavioral1

Sample

e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe

Resource

win7-20220812-en

eternity collection

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729.exe

Resource

win10-20220812-en

eternity collection

windows10-1703-x64

13 signatures

300 seconds

Malware Config

Targets

- Target
  
  e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729
- Size
  
  5.9MB
- MD5
  
  77bf70f8c1da395f912d51fff3e6b18a
- SHA1
  
  b43ba34649de3f6a1371d50cfe54f81e1fbf23f4
- SHA256
  
  e228aeaa8bc4541b749f1e2a6f0ce6692f0822b93243e00778dd940c903be729
- SHA512
  
  07b53ffe3ead2b151c17c97c1af025bf81313cd26e92f73508680ca7c273c1494de0f36ca7038ae9c39c74395cf1c36daa5fa2ba051058b17f08cac85bb7550d
- SSDEEP
  
  98304:MyPKcjUaampDA4HZpEkEno6DxWd9NadL+++zMap5Eiyao6UTzm9gFJFjH:zicdampfHZ6fo6DxLu/p5EiC6U2qfF
Score

10^/10

eternity collection
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollection

behavioral2

eternitycollection

© 2018-2025

Terms | Privacy