eternity

Resubmissions

23-04-2023 20:43

230423-zhx4rafg66 10

23-04-2023 20:38

230423-zep9qshd4y 10

Sharing

Copy URL

Twitter E-mail

General

Target

Eternity.zip
Size

34.8MB
Sample

230423-zhx4rafg66
MD5

0d9d6ce16c585d99a448e603d16fb37c
SHA1

1fd126eace25d6ffe6ed728655c95c93dfc9d6c6
SHA256

f9ff69cbe78079ea490b3e81164d9cbdd66bb6d9b6cc9870780daf372965746f
SHA512

9383243ae7071f011b0ffd90e62f38ecbeb29991ee40ea714d7b0bd499f43b720d9f13df731e1c2c2ef1e89bfe08c242ae756831eb1f93d8560648e69353e098
SSDEEP

786432:yaaKONBxRnIb8qfcVB6SvsZLvTaDx1/EWPAva7Tj8w4bQUF6CRVqoMUv2:yvvRW8zb6qs5aDx1/TAEubQ+bl2

Score

10^/10

Malware Config

Targets

- Target
  
  Bunifu.dll
- Size
  
  232KB
- MD5
  
  a956773892ea3bb538c4656475c35126
- SHA1
  
  e2cc84075cd18b96623fd29d529873f379e398c2
- SHA256
  
  d95d7cdb4a549a7f9a06c9059027bd90e926a15b21f118a59536ee9b5febb768
- SHA512
  
  d376b8700d2461e63c4da6fc0dedcc33aa44dca4766fa50fa2cc4475d8bb00fc919568967a2f3b250b8f40a3e45bf48421f3b7f35e081a55805683f3092645e7
- SSDEEP
  
  6144:wHZKhR7DDGGWH7qriB6V5XGLXHb4Hp9JH:wHZKhR7DDGGemriBw5XFHz
Score

1^/10
behavioral1 behavioral2
- Target
  
  DiscordRPC.dll
- Size
  
  79KB
- MD5
  
  ad463f573775c43a561ade842c41b0e8
- SHA1
  
  e70e10a18a3ae85cd1ca9be66a7bb46d99ccccd3
- SHA256
  
  6a18dfc8bdc6030787b5814c76b8663dbe5b8ca469beb65a2ca9f5731fa1906f
- SHA512
  
  0c790e70150148f4cc516cc9abcdf42a5b28a0785a61cd02ab7d59776df25eaeea287c98522d4b3271cae8bf35f98d91049c6474e81cc2745dc32a808832efe0
- SSDEEP
  
  768:Jp+8VvNVQPCNRRUzpEqrK0V2Yct83YVhEbqoL/wDIijcJRM2S0B+mhx9HS4i6E4m:nVvNGP6U1bwueoRPMVo+mhxVS4i60
Score

1^/10
behavioral3 behavioral4
- Target
  
  ENet.Managed.dll
- Size
  
  827KB
- MD5
  
  cf9a52a66d1646b5f3e57bcaee94fd73
- SHA1
  
  dabd793aea031d58fd173bb752cf8adcc61845e0
- SHA256
  
  e864c7b0aac1abe4eb9f74b28bb413586de1a48198b9e009eb3999e68a9c8583
- SHA512
  
  557a351908310410562789f58b8f5c51049fd09394c4e8282838e0bec5338222131257b781e77d91a801de5bc38800ffb3f6f1cab494a10817c902c9f6d4b84b
- SSDEEP
  
  12288:kE4RqwhxzcEtaJzhp/tDLb3Oun7H0HLv3rJmZLcyKu7RTT6akCNDV4X:kE4xYFVDP5ALTMLp/t7kCNG
Score

1^/10
behavioral5 behavioral6
- Target
  
  Eternity.exe
- Size
  
  40.7MB
- MD5
  
  9b4ba69253a258c3097787b3058819f7
- SHA1
  
  ccf44f8b6d3398c842aa89835803cd70915f1dd2
- SHA256
  
  f737602ff2d37a7b77ee217c658f550e68073185343964cf691eb873d5416431
- SHA512
  
  3cbc25936aa25d2f111a839acd6b40505691e5c673227b2dd090d453414a2f660dc35f8fba6b3e3cb034fb8fb0c19f3ef70847d9d51908383c6940005b113dac
- SSDEEP
  
  786432:SzvsyBy7Mu30RhoObPgeXwj8ZB6aykDYGpmqbrAfw:3yCMr3NL7w+XDYEPAfw
Score

10^/10

eternity stealer upx
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  Newtonsoft.Json.dll
- Size
  
  659KB
- MD5
  
  4df6c8781e70c3a4912b5be796e6d337
- SHA1
  
  cbc510520fcd85dbc1c82b02e82040702aca9b79
- SHA256
  
  3598cccad5b535fea6f93662107a4183bfd6167bf1d0f80260436093edc2e3af
- SHA512
  
  964d9813e4d11e1e603e0a9627885c52034b088d0b0dfa5ac0043c27df204e621a2a654445f440ae318e15b1c5fea5c469da9e6a7350a787fef9edf6f0418e5c
- SSDEEP
  
  12288:rktg1lrjC8rjICqbwNjR4xq7iiX19K7Df/SoOKQrIB+jfP:rggD7PIEjR4xq7iiXTK7D3So9AIB+jn
Score

1^/10
behavioral10 behavioral9
- Target
  
  System.Buffers.dll
- Size
  
  20KB
- MD5
  
  a48936868abf91274def7231aa52dbb5
- SHA1
  
  f02fa5231536c0dd9cef9e84e609646b23d5d33c
- SHA256
  
  423200010a7684763451473a4fb206dfa074fc8249676621ef9d9a13417d364d
- SHA512
  
  c8fe3d1314794ae7071a647e328a46a30e6d96e574daa896fcebebf6bb51ce0af14e6cc63a0e1600a0e4adbc7aa18e97ee58581adccac23981c029ea782b5f9d
- SSDEEP
  
  384:ay/fjFwUI/KQyVvKdDhG6ISDFWvYW8aIcyHRN7WEg2ly0:auhMaVmzDC6b
Score

1^/10
behavioral11 behavioral12
- Target
  
  System.Memory.dll
- Size
  
  133KB
- MD5
  
  c4733dc2af87b7085cabcbabe7cde958
- SHA1
  
  091cba44da9d5584b8746b3e386fd3776dfab743
- SHA256
  
  3cb4f4f803c41b22c97ec61f752f93efc7be9328f8ceaa9ab0f36d3c5b563ef7
- SHA512
  
  67f829e32a3ab5a8404b9bf20d265076c0a89e50b639022dca42bfd3ad1cde15dba40dbdcb777d6b7475a20b493811fa70e540a4ffa855cb8da5c34119684cf5
- SSDEEP
  
  3072:XP3XFz0qjCIIMAxlUXsKovHO420kN1A6C8I:Xh0qjC5RMOHO420kN1
Score

1^/10
behavioral13 behavioral14
- Target
  
  System.Numerics.Vectors.dll
- Size
  
  113KB
- MD5
  
  aaa2cbf14e06e9d3586d8a4ed455db33
- SHA1
  
  3d216458740ad5cb05bc5f7c3491cde44a1e5df0
- SHA256
  
  1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183
- SHA512
  
  0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8
- SSDEEP
  
  1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
Score

1^/10
behavioral15 behavioral16
- Target
  
  System.Runtime.CompilerServices.Unsafe.dll
- Size
  
  16KB
- MD5
  
  c4cfe03f75bc01969bc936c9c09baa12
- SHA1
  
  cb96ea48ee8aa9fe764d6f1ec30751001a0a646d
- SHA256
  
  a2d38a330df390cc739689369a36520fe491d3660d73974eb46b51608f50675b
- SHA512
  
  6db15403523b6c966d7aa6906cfc219a956f6c7a68c60774e9ed9f261df1a4d6731b92c59f3caafaeb345b853cd237fa163155b8b8e7825ba69a634878c929e2
- SSDEEP
  
  192:RMyaqO8cxdQWXYWJeaotWsI9A9GaHnhWgN7aJeWwgCWuXqnaju02aU:RTO9dQWXYW8aocyHRN7WEgSly0
Score

1^/10
behavioral17 behavioral18

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Contains code to disable Windows Defender

Detects Eternity stealer

Downloads MZ/PE file

Drops file in Drivers directory

Executes dropped EXE

Loads dropped DLL

UPX packed file

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18