eternity | 4c94ced8bc0b5686daaa87c648fbbf99f5d14cf24befd3a203138505901db038 | Triage

Sharing

General

Target

file.exe
Size

2.1MB
Sample

230308-qwth2sfb69
MD5

0025bb6d0a9d41a97e19d014fd237e09
SHA1

2cf196d7bd6ab6a27b2a0605cba0b89fa70d66fb
SHA256

4c94ced8bc0b5686daaa87c648fbbf99f5d14cf24befd3a203138505901db038
SHA512

23f66dbe24001354d6fbf809208d8994954d9a86d154f72b54a0ec1542885b3777a4efb6a51900deea45acb60c71dc49d6e434391c14d8349b48d8330079cdec
SSDEEP

49152:1jzUCIk+1a7hKVy7fH6PlTooUy9KhJNN38g:5UCIk+E7h/fBFGKhF3

Score

10^/10

eternity worm

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Attributes

payload_urls
http://167.88.170.23/swo/sw.exe

http://167.88.170.23/swo/swo.exe

Targets

- Target
  
  file.exe
- Size
  
  2.1MB
- MD5
  
  0025bb6d0a9d41a97e19d014fd237e09
- SHA1
  
  2cf196d7bd6ab6a27b2a0605cba0b89fa70d66fb
- SHA256
  
  4c94ced8bc0b5686daaa87c648fbbf99f5d14cf24befd3a203138505901db038
- SHA512
  
  23f66dbe24001354d6fbf809208d8994954d9a86d154f72b54a0ec1542885b3777a4efb6a51900deea45acb60c71dc49d6e434391c14d8349b48d8330079cdec
- SSDEEP
  
  49152:1jzUCIk+1a7hKVy7fH6PlTooUy9KhJNN38g:5UCIk+E7h/fBFGKhF3
Score

10^/10

eternity worm
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2