General

  • Target

    cc5fcae70f636b3ffa04811e2a6153f7.exe

  • Size

    3.3MB

  • Sample

    221127-h7tn7adb4v

  • MD5

    cc5fcae70f636b3ffa04811e2a6153f7

  • SHA1

    3c1687cca2ffd48adf107e8eda1ffb06beb7ba7f

  • SHA256

    01156bec33d1378d38aa16ae6605d4766f20ac5f48c9bb2c0744457ff9de3102

  • SHA512

    c63fc634a7c85d67000e25afd359a51aa0af4c259b7c4366fa4c05b2c844132cb459bc399098de2d5060dabadae91b8f1f889b4c6a5fd0a172d3f43e14d47c2b

  • SSDEEP

    98304:hHmVzuboSz63u94iSa7e1zLTdiVOiZMR+MJbZ5d:hH86qu94J1nTdiVOyMJbvd

Score
10/10

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Attributes
  • payload_urls

    http://167.88.170.23/w993.exe
    http://167.88.170.23/s101.exe
    http://167.88.170.23/101.exe
    http://167.88.170.23/R101.exe
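
The config block above is the part of this report a responder reuses directly: the file hashes go to an EDR hash search, the payload URLs and their host to egress/proxy logs. The following matcher is an added example, not part of the sandbox report or of any tria.ge tooling; the Squid-style access.log lines it scans are constructed here to exercise it, and the grading scheme (exact URL, same host, onion C2, other onion) is this example's own choice. One caveat a proxy search will not surface on its own: the .onion C2 hostname only shows up in a plain proxy log when a client reaches it through a Tor gateway; a normal Tor client's traffic looks like TLS to a relay, so that indicator is mostly useful against host artifacts (the embedded config) rather than egress logs.

```python
"""Match the indicators extracted above (file hashes, payload URLs, C2) against log data.

Added example, not part of the sandbox report. The proxy log lines below are
constructed in Squid access.log layout purely to exercise the matcher.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "cc5fcae70f636b3ffa04811e2a6153f7",
    "sha1": "3c1687cca2ffd48adf107e8eda1ffb06beb7ba7f",
    "sha256": "01156bec33d1378d38aa16ae6605d4766f20ac5f48c9bb2c0744457ff9de3102",
}
C2_ONION = "http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion"
PAYLOAD_URLS = [
    "http://167.88.170.23/w993.exe",
    "http://167.88.170.23/s101.exe",
    "http://167.88.170.23/101.exe",
    "http://167.88.170.23/R101.exe",
]

_KNOWN_URLS = {u.lower() for u in PAYLOAD_URLS}
_KNOWN_HOSTS = {urlsplit(u).hostname for u in PAYLOAD_URLS}
_C2_HOST = urlsplit(C2_ONION).hostname

# Constructed Squid access.log excerpt (not from the report): one payload download,
# one request to another path on the same host, one benign request, and one request
# that reached the .onion C2 through a Tor gateway.
PROXY_LOG = """\
1669534801.123    245 10.0.0.12 TCP_MISS/200 3456789 GET http://167.88.170.23/s101.exe - HIER_DIRECT/167.88.170.23 application/x-msdownload
1669534802.004     12 10.0.0.12 TCP_MISS/404 512 GET http://167.88.170.23/update.php - HIER_DIRECT/167.88.170.23 text/html
1669534810.500     40 10.0.0.33 TCP_HIT/200 1024 GET http://example.com/index.html - HIER_NONE/- text/html
1669534811.000    300 10.0.0.12 TCP_MISS/200 2048 GET http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion/ - HIER_DIRECT/127.0.0.1 text/html
"""


def hash_file_bytes(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of a file's contents, for use with match_hash()."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def match_hash(hexdigest: str):
    """Return the algorithm whose report hash equals hexdigest (case-insensitive), else None."""
    h = hexdigest.strip().lower()
    for algo, value in REPORT_HASHES.items():
        if h == value:
            return algo
    return None


def classify_url(url: str):
    """Grade a URL seen in egress logs.

    'exact' - one of the payload URLs (scheme, host and path match; path case ignored)
    'host'  - same payload host, different path (weaker: the IP may be shared hosting)
    'c2'    - the extracted .onion C2 hostname (only visible behind a Tor gateway)
    'onion' - any other .onion hostname, worth a look on a corporate network
    None    - no match
    """
    p = urlsplit(url.strip())
    host = (p.hostname or "").lower()
    if host == _C2_HOST:
        return "c2"
    if f"{p.scheme.lower()}://{host}{p.path.lower()}" in _KNOWN_URLS:
        return "exact"
    if host in _KNOWN_HOSTS:
        return "host"
    if host.endswith(".onion"):
        return "onion"
    return None


def scan_proxy_log(text: str) -> list:
    """Apply classify_url() to each Squid-style access.log line; return the hits in order."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated line
        client, url = fields[2], fields[6]  # Squid: ts elapsed client action/code size method URL ...
        verdict = classify_url(url)
        if verdict:
            hits.append({"client": client, "url": url, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(f"{hit['verdict']:6} {hit['client']:10} {hit['url']}")
```

Path matching is deliberately case-insensitive so that trivial renames such as `r101.exe` still hit; that can over-match on a case-sensitive web server, so treat `exact` as a lead, and confirm with the hash of whatever the client actually saved.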

Targets

    • Target

      cc5fcae70f636b3ffa04811e2a6153f7.exe

    Score
    10/10
    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Looks for VirtualBox Guest Additions in registry

    • Executes dropped EXE

    • Looks for VMWare Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another (typically suspended) process is commonly used to redirect execution into a payload written there, i.e. process hollowing or injection.
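
The registry signatures above are the sandbox's API-level view: it sees RegOpenKey/RegQueryValue calls, and the tell is the query itself, not its result (on bare metal the VirtualBox and VMware keys simply come back NAME NOT FOUND). The script below reproduces that logic over an API trace; it is an added example, not the report's or the sandbox's own signature code. It assumes the registry paths these signatures commonly key on (the VirtualBox Guest Additions and VMware Tools product keys, HARDWARE\DESCRIPTION\System\BIOS, Control Panel\International\Geo\Nation, Services\Disk\Enum) and a Process Monitor CSV export as input; the CSV rows are constructed here. Note for endpoint use: Sysmon registry events only cover writes and renames, so on a live host this needs an API-level trace or EDR telemetry that exposes registry reads.

```python
"""Flag processes that query the registry keys sandboxes associate with VM detection.

Added example, not the report's or the sandbox's signature code. Input is a Process
Monitor CSV export; the rows below are constructed to exercise the logic.
"""
import csv
import io
import re
from collections import defaultdict

# (signature name as it appears in the report, path pattern, category).
# The paths are this example's assumption of what the signatures key on.
SIGNATURES = [
    ("Looks for VirtualBox Guest Additions in registry",
     re.compile(r"\\Oracle\\VirtualBox Guest Additions", re.I), "vm"),
    ("Looks for VMWare Tools registry key",
     re.compile(r"\\VMware, Inc\.\\VMware Tools", re.I), "vm"),
    ("Checks BIOS information in registry",
     re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\(BIOS|SystemBiosVersion|VideoBiosVersion)", re.I), "vm"),
    ("Maps connected drives based on registry",
     re.compile(r"\\SYSTEM\\CurrentControlSet\\Services\\Disk\\Enum", re.I), "vm"),
    ("Checks computer location settings",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation", re.I), "geo"),
]

# Only reads count: the check is the lookup, whatever it returns.
READ_OPS = {"RegOpenKey", "RegQueryKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}

# Constructed Process Monitor CSV (not from the report). PID 4120 plays the sample;
# explorer.exe is there to show a benign single geo lookup does not trip the verdict.
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"9:41:03.1","cc5fcae70f636b3ffa04811e2a6153f7.exe","4120","RegOpenKey","HKLM\SOFTWARE\Oracle\VirtualBox Guest Additions","NAME NOT FOUND","Desired Access: Read"
"9:41:03.1","cc5fcae70f636b3ffa04811e2a6153f7.exe","4120","RegOpenKey","HKLM\SOFTWARE\VMware, Inc.\VMware Tools","NAME NOT FOUND","Desired Access: Read"
"9:41:03.2","cc5fcae70f636b3ffa04811e2a6153f7.exe","4120","RegQueryValue","HKLM\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer","SUCCESS","Type: REG_SZ, Data: Dell Inc."
"9:41:03.2","cc5fcae70f636b3ffa04811e2a6153f7.exe","4120","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Data: 244"
"9:41:03.3","cc5fcae70f636b3ffa04811e2a6153f7.exe","4120","RegEnumValue","HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum","SUCCESS","Index: 0"
"9:41:03.3","cc5fcae70f636b3ffa04811e2a6153f7.exe","4120","RegOpenKey","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer","SUCCESS","Desired Access: Read"
"9:41:05.0","explorer.exe","1336","RegQueryValue","HKCU\Control Panel\International\Geo\Nation","SUCCESS","Type: REG_SZ, Data: 244"
'''


def analyze(procmon_csv: str) -> dict:
    """Return {(process name, pid): {signature name: hit count}} for matching registry reads."""
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Operation"] not in READ_OPS:
            continue
        for name, pattern, _category in SIGNATURES:
            if pattern.search(row["Path"]):
                hits[(row["Process Name"], row["PID"])][name] += 1
    return {proc: dict(sigs) for proc, sigs in hits.items()}


def verdict(sig_hits: dict, min_vm_checks: int = 2) -> str:
    """'vm-aware' when at least min_vm_checks distinct VM-detection signatures fired for one process.

    The threshold mirrors the report's 'Virtualization/Sandbox Evasion 2' count: a single
    BIOS or drive lookup is common in legitimate software, several together are not.
    """
    vm_names = {name for name, _p, category in SIGNATURES if category == "vm"}
    return "vm-aware" if len(vm_names & set(sig_hits)) >= min_vm_checks else "inconclusive"


if __name__ == "__main__":
    for (proc, pid), sigs in analyze(PROCMON_CSV).items():
        print(f"{proc} (PID {pid}): {verdict(sigs)}")
        for name, count in sigs.items():
            print(f"    {count}x {name}")
```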

MITRE ATT&CK Matrix (ATT&CK v6)

Technique (number of matching signatures) Technique ID

  • Execution

    Scheduled Task (1) T1053

  • Persistence

    Scheduled Task (1) T1053

  • Privilege Escalation

    Scheduled Task (1) T1053

  • Defense Evasion

    Virtualization/Sandbox Evasion (2) T1497

  • Discovery

    Query Registry (5) T1012
    Virtualization/Sandbox Evasion (2) T1497
    System Information Discovery (4) T1082
    Peripheral Device Discovery (1) T1120
    Remote System Discovery (1) T1018
