eternity | 73d8f924ec20c7ff9696e69292e6beb063cd3e49e051aa5b5b4ae331eedc66ea | Triage

Submit
Reports

Overview

overview

Static

static

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

5.6MB
Sample

221115-gpyprafb58
MD5

6d5b82125021e8c5ecf314e77bd26db7
SHA1

e0374c2bab3878c70e719e53c402b924ee132fce
SHA256

73d8f924ec20c7ff9696e69292e6beb063cd3e49e051aa5b5b4ae331eedc66ea
SHA512

d4ce4eb0a48bae9a74c95af6992e481e94629aafa013cc4e30b18b50108a65cc37336c03ab64103a54e406878c747e40a7e546f076bc5c127e31aba55ecab7dc
SSDEEP

49152:/KUoniCNP2MgouBwqsLqhOTbkBTWDtLCXTTSlREARTrxU/wPP46Od9sk/IRUnqno:u43+PLk0bkBCEDWlbTrOwo6W3Jaw

Score

10^/10

eternity xmrig miner

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20220812-en

eternity xmrig miner

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20220812-en

eternity xmrig miner

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

eternity

Wallets

4BCCzZcSyS7L1229mxLRArhp2HPKwpBmHGDnZKnWFds856vvQcRiDSsLZWH2CjW6xigC3NSGE5Qq2gfixNyMMVc723mjiPs

Attributes

payload_urls
http://193.218.201.246/xmrig.exe

Targets

- Target
  
  tmp
- Size
  
  5.6MB
- MD5
  
  6d5b82125021e8c5ecf314e77bd26db7
- SHA1
  
  e0374c2bab3878c70e719e53c402b924ee132fce
- SHA256
  
  73d8f924ec20c7ff9696e69292e6beb063cd3e49e051aa5b5b4ae331eedc66ea
- SHA512
  
  d4ce4eb0a48bae9a74c95af6992e481e94629aafa013cc4e30b18b50108a65cc37336c03ab64103a54e406878c747e40a7e546f076bc5c127e31aba55ecab7dc
- SSDEEP
  
  49152:/KUoniCNP2MgouBwqsLqhOTbkBTWDtLCXTTSlREARTrxU/wPP46Od9sk/IRUnqno:u43+PLk0bkBCEDWlbTrOwo6W3Jaw
Score

10^/10

eternity xmrig miner
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- XMRig Miner payload
  miner
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

eternityxmrigminer

behavioral2

eternityxmrigminer

© 2018-2024

Terms | Privacy