eternity | 3deb90aba1fd4484ac6b29a7e1bbbc65237d3c7abd3344edd8a94d1db6f213bc | Triage

Sharing

General

Target

485d108355bfdf19e2873518d910bf24.exe
Size

1.9MB
Sample

230313-c9ltgagc27
MD5

485d108355bfdf19e2873518d910bf24
SHA1

5a6dbc5f9ae480508ff1366860576feeca802b7a
SHA256

3deb90aba1fd4484ac6b29a7e1bbbc65237d3c7abd3344edd8a94d1db6f213bc
SHA512

bdb7cf2a2a105a9d2f6debc4f2927e6cdbb96bf055bce087c8e9c27b3929e59886dded33ac5994a476a02d77872a1a2438739d2d075518ec3238b175c27dcde7
SSDEEP

49152:pZXsdhPn8YIb3F6rcGyIXzw4CEHwLL2M:8nn8YITF0/PeL

Score

10^/10

eternity worm

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Attributes

payload_urls
http://167.88.170.23/swo/sw.exe

http://167.88.170.23/swo/swo.exe

Targets

- Target
  
  485d108355bfdf19e2873518d910bf24.exe
- Size
  
  1.9MB
- MD5
  
  485d108355bfdf19e2873518d910bf24
- SHA1
  
  5a6dbc5f9ae480508ff1366860576feeca802b7a
- SHA256
  
  3deb90aba1fd4484ac6b29a7e1bbbc65237d3c7abd3344edd8a94d1db6f213bc
- SHA512
  
  bdb7cf2a2a105a9d2f6debc4f2927e6cdbb96bf055bce087c8e9c27b3929e59886dded33ac5994a476a02d77872a1a2438739d2d075518ec3238b175c27dcde7
- SSDEEP
  
  49152:pZXsdhPn8YIb3F6rcGyIXzw4CEHwLL2M:8nn8YITF0/PeL
Score

10^/10

eternity worm
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2