Overview

overview

10

Static

static

10

Bunifu.dll

windows7-x64

1

Bunifu.dll

windows10-2004-x64

1

DiscordRPC.dll

windows7-x64

1

DiscordRPC.dll

windows10-2004-x64

1

ENet.Managed.dll

windows7-x64

1

ENet.Managed.dll

windows10-2004-x64

1

Eternity.exe

windows7-x64

10

Eternity.exe

windows10-2004-x64

10

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

System.Buffers.dll

windows7-x64

1

System.Buffers.dll

windows10-2004-x64

1

System.Memory.dll

windows7-x64

1

System.Memory.dll

windows10-2004-x64

1

System.Num...rs.dll

windows7-x64

1

System.Num...rs.dll

windows10-2004-x64

1

System.Run...fe.dll

windows7-x64

1

System.Run...fe.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-01-2024 22:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eternity.exe

  • Size

    1.3MB

  • MD5

    ef451fd641c05a1a83e2be29a405b4dd

  • SHA1

    f4572606224ac0e8d1e6bf3daabbc6b794d81be9

  • SHA256

    6b02571572867398bea14e8c7bb83a4a1ba79b42d9cfac884957786ebd06fba4

  • SHA512

    0e15e95f17616a19ceed8e4da5c5da738ca8971009782fc39644710621ce41e8c6503a74cd8c6351250dc2e6ee8052d381f21482ce15954f5bfd47792e5335e1

  • SSDEEP

    12288:iTEYAsROAsrt/uxduo1jB0Y96qGCirtbb+ZlKm9fn7sKVoFYhakR37hwHPPKv5N0:iwT7rC6qDIESmlFw6eMrI

Score
10/10
eternityspywarestealer

Malware Config

Signatures

  • Detects Eternity stealer 1 IoCs
    stealer
  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Eternity.exe
    "C:\Users\Admin\AppData\Local\Temp\Eternity.exe"
    1⤵
    • Drops startup file
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2568
    • C:\Users\Admin\AppData\Local\Temp\dcd.exe
      "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
      2⤵
      • Executes dropped EXE
      PID:3428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    53KB

    MD5

    1d79588a66399d0c3faad6cfbbb680c4

    SHA1

    cdef89f4141874b1a8d91cc9d250ac567aa1cde5

    SHA256

    597cf787ff0b4d69ea80b5a548f1a4c259862794408d749907b3dad835eb6fe9

    SHA512

    a872f468083eb604162195598728054505bb2f1a47c0c94a2a387d19f39a049d3305515f0cbf19f17dab90ebb855af53e3d2e77e882b6f5e4f2bbeb58adcbb22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\dcd.exe
    Filesize

    32KB

    MD5

    4217a80ae6ac42db157f33e9a3d53142

    SHA1

    6c12e07826bf469336d6838b07a0fddf1a6f4596

    SHA256

    31d7aa6c7c57d2836f9c1c67b94390e3e8332705e0a9b79466e668c95a687d85

    SHA512

    6ba3373011c3ab57204ec9ef2f73c9e27edb93f78e092af409dac17386593295b5b1514e6e4d897dd76225256e9c24dff86f23cc64b2648c48fdc29056610c60

    Download Submit

  • memory/2568-0-0x0000000000FD0000-0x00000000010E8000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2568-1-0x00007FFCF4E10000-0x00007FFCF58D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2568-2-0x0000000003210000-0x0000000003260000-memory.dmp

    Filesize

    320KB

    Download

  • memory/2568-6-0x00000000019E0000-0x0000000001A1E000-memory.dmp

    Filesize

    248KB

    Download

  • memory/2568-5-0x000000001C060000-0x000000001C070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-7-0x000000001C060000-0x000000001C070000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-4-0x00000000019D0000-0x00000000019D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2568-3-0x00007FFCF4E10000-0x00007FFCF58D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/2568-14-0x00007FFCF4E10000-0x00007FFCF58D1000-memory.dmp

    Filesize

    10.8MB

    Download