eternity | 254ed5fed795e8ca481785c3190f428fef25ee0326bb6bbbe461078bd2cdfd43 | Triage

Submit
Reports

Overview

overview

Static

static

FoxitPDFRe...om.exe

windows7-x64

8

FoxitPDFRe...om.exe

windows10-2004-x64

Sharing

General

Target

FoxitPDFReader121_enu_Setup_Prom.exe
Size

1.5MB
Sample

230119-z6fjlshd95
MD5

0578fb34cae800e8e048a20417743bd7
SHA1

c6deed315110ef67b5e465fd01fe5f7496b86975
SHA256

254ed5fed795e8ca481785c3190f428fef25ee0326bb6bbbe461078bd2cdfd43
SHA512

fee7dfa9fceb152f00c24c53b518d4e6546fa43d531f9b67dd09e9351fa20e07a9960e83263623c1b11b829261ec400b94deba78626a120b81679f06b40e6801
SSDEEP

24576:gWmAFubS6dt9McpUGUT/oe4PWroZP8ZLfywzD/XKBCxnBmthc4w:826dRpEk3PWroFwyGD/XK4zB

Score

10^/10

eternity collection upx

Static task

static1

Behavioral task

behavioral1

Sample

FoxitPDFReader121_enu_Setup_Prom.exe

Resource

win7-20220812-en

windows7-x64

7 signatures

300 seconds

Behavioral task

behavioral2

Sample

FoxitPDFReader121_enu_Setup_Prom.exe

Resource

win10v2004-20220812-en

eternity collection upx

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  FoxitPDFReader121_enu_Setup_Prom.exe
- Size
  
  1.5MB
- MD5
  
  0578fb34cae800e8e048a20417743bd7
- SHA1
  
  c6deed315110ef67b5e465fd01fe5f7496b86975
- SHA256
  
  254ed5fed795e8ca481785c3190f428fef25ee0326bb6bbbe461078bd2cdfd43
- SHA512
  
  fee7dfa9fceb152f00c24c53b518d4e6546fa43d531f9b67dd09e9351fa20e07a9960e83263623c1b11b829261ec400b94deba78626a120b81679f06b40e6801
- SSDEEP
  
  24576:gWmAFubS6dt9McpUGUT/oe4PWroZP8ZLfywzD/XKBCxnBmthc4w:826dRpEk3PWroFwyGD/XK4zB
Score

10^/10

upx eternity collection
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Drops desktop.ini file(s)
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

eternitycollectionupx

© 2018-2025

Terms | Privacy