eternity | e258f2b67f8d5cf71001793d5c28ddf43252a2f514f70cfe969385b85a4f76c4 | Triage

Sharing

General

Target

3133a2d3553f6058630f503bf2a7a862.bin
Size

1.5MB
Sample

230331-blpd1sgb26
MD5

43a36980d8fe44ee6bb1e3e9ea5c4253
SHA1

585749fe2326bf83e81153128f2cf6a0971009ce
SHA256

e258f2b67f8d5cf71001793d5c28ddf43252a2f514f70cfe969385b85a4f76c4
SHA512

fe7c0914236ea650720f9c8a48b4db1af118a5d10eb05c0c286c8634aab71484e1ec169b1bba99cba8052724f7a63ea93cef368d4bcc096fb611301c95ccb9b7
SSDEEP

49152:31K9BRkzpBT7aRYmO1v4ToKBnD5b+/wNQmRzqF5mK:l0cbRlQoKJ5b+oimRQf

Score

10^/10

eternity worm

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Attributes

payload_urls
http://167.88.170.23/swo/sw.exe

http://167.88.170.23/swo/swo.exe

Targets

- Target
  
  46304a058536faf4eb1f49b67b6f4571f12921ae147e110813525639d1c8a878.exe
- Size
  
  2.4MB
- MD5
  
  3133a2d3553f6058630f503bf2a7a862
- SHA1
  
  5eee2643abcc2a3c388e456da96ea28d62ef504d
- SHA256
  
  46304a058536faf4eb1f49b67b6f4571f12921ae147e110813525639d1c8a878
- SHA512
  
  ea3bd9a605b4d6e39c954b3e027b2b675530c38634feadbf6d280ccf9bb9487295cb547985b36854146fe188066525baea4886f7477484d14db11fe1a1db919e
- SSDEEP
  
  49152:QsHEkCiuD+moCQZhHUWYfo11q33dRGyRt7:bG1QZWo11q3FRF
Score

10^/10

eternity worm
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2