eternity | c4ab641f3560ecb8c3078c928872b3c83af2e79ac00e300aba3bc7111080eff5 | Triage

Submit
Reports

Overview

overview

Static

static

1

Pathfinder....3.exe

windows10-2004-x64

Sharing

General

Target

Pathfinder_2.19.3.zip
Size

3.0MB
Sample

240308-szpqdaaf48
MD5

7d4937db288eb20b23a6cfa25866dc59
SHA1

9a2184ac4e71409677c1e4df78cf9796c353f03a
SHA256

c4ab641f3560ecb8c3078c928872b3c83af2e79ac00e300aba3bc7111080eff5
SHA512

33aa4b359fbd815195e8db824d6d6fbdc85d94062bca77fdfe52039f949b9ea1968f00d31d05078fa80c9f413e7acb4ff89a0cfdea79b2035b4ba10598b63780
SSDEEP

98304:PRmqdK2BNnTd7cDOUGmqu874Nj9V3BWMfztBS:JmSPBNnZ7cDOUGmq774NsMW

Score

10^/10

eternity collection discovery

Static task

static1

Behavioral task

behavioral1

Sample

Pathfinder_2.19.3/Pathfinder_2.19.3.exe

Resource

win10v2004-20240226-en

eternity collection discovery

windows10-2004-x64

33 signatures

1800 seconds

Malware Config

Extracted

Family

eternity

C2

http://izrukvro5khcol3z7cvvdq3akeunlod2gshgn7ppo3a4jvse3z5hpiyd.onion

Targets

- Target
  
  Pathfinder_2.19.3/Pathfinder_2.19.3.exe
- Size
  
  7.2MB
- MD5
  
  0c702acbc7d30c865839dcb8a94a4a86
- SHA1
  
  06186c0bace78cf632d1bf31566d3e6479ab329c
- SHA256
  
  f3c880591e06396f588d5b45c599ba6aef1aae4065d0d55b3560e3547242b697
- SHA512
  
  5de2485877995cfe5b74385ed68df580c0ca8105a9089ecd9255c0e273a1677899157d73817f689af667b50da6510a8561c56309937dc32dca408fd5b2f2af7c
- SSDEEP
  
  98304:VXoFOv7y5Wm9647jfOzEa+yF0tznDOrq50oE7kwKSRPAb2Zpbq6+QYa:9E647jfOzCyCtL75YRPAkFvZX
Score

10^/10

eternity collection discovery
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectiondiscovery

© 2018-2025

Terms | Privacy