eternity | f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f | Triage

Sharing

General

Target

f9bc76479e0f36005e42a52c7.exe
Size

2.2MB
Sample

230627-rrk7jsfd6x
MD5

4c5e571050a0cd02c4b291ddf1382dda
SHA1

617c9f96fca56a74c1a46a091f47d820d5f66da4
SHA256

f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f
SHA512

6d5426acd5b0fa1c21475bc83ada1afc23eba40cc34ee6b0ab670ea0870a7c90affee6bbd89fd2c254a34888136e6aedcfacc6462fe37e129627ec76ca20e83e
SSDEEP

24576:SkT/Hk7qm8vUPKD7rabrpnWzmGnVm0wTZPaWvwsGTtISNFQjFJsu3xQRse9aqD21:jDUqXMSDnxm0VRwPwsnRFSue91j8TP5

Score

10^/10

eternity worm

Malware Config

Extracted

Family

eternity

Attributes

payload_urls
http://162.244.93.4/~rubin/swo.exe,http://162.244.93.4/~rubin/art.exe

Targets

- Target
  
  f9bc76479e0f36005e42a52c7.exe
- Size
  
  2.2MB
- MD5
  
  4c5e571050a0cd02c4b291ddf1382dda
- SHA1
  
  617c9f96fca56a74c1a46a091f47d820d5f66da4
- SHA256
  
  f9bc76479e0f36005e42a52c7851594ba8529b3f5d08052179030ca98d9afb6f
- SHA512
  
  6d5426acd5b0fa1c21475bc83ada1afc23eba40cc34ee6b0ab670ea0870a7c90affee6bbd89fd2c254a34888136e6aedcfacc6462fe37e129627ec76ca20e83e
- SSDEEP
  
  24576:SkT/Hk7qm8vUPKD7rabrpnWzmGnVm0wTZPaWvwsGTtISNFQjFJsu3xQRse9aqD21:jDUqXMSDnxm0VRwPwsnRFSue91j8TP5
Score

10^/10

eternity worm
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2