eternity | a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d | Triage

Submit
Reports

Overview

overview

Static

static

3

a50078c294...0d.exe

windows7-x64

a50078c294...0d.exe

windows10-2004-x64

Sharing

General

Target

a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d.exe
Size

455KB
Sample

240329-cz9sjsfd8t
MD5

c8d9593196962fa5d706a207c16674cd
SHA1

686a8e674e6615d5cd91f7b2cba0c755054b3f69
SHA256

a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d
SHA512

5ddae80780c6091bfe0ab5e29bc63732c08ce34f677fc341366dcecf6db9e1bd2e0ed24cfe57eface0d19c6f46010f47eb2d74888b91a503dae00651c4a756bf
SSDEEP

12288:XcTpGLwWpFGIWFfDtaY4S0LEy7w0iymL/:XOpEwiFYxsEyHiyK

Score

10^/10

eternity xworm evasion persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d.exe

Resource

win7-20240220-en

xworm evasion rat trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d.exe

Resource

win10v2004-20240226-en

eternity xworm evasion persistence rat trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

xworm

Version

5.1

C2

104.194.9.116:7000

Mutex

bUezpCDHVjUVS3W9

Attributes

install_file
USB.exe
telegram
https://api.telegram.org/bot6330888131:AAE5ycZdHuNqV5SVYhHeCfRENn6GuCjwXjs/sendMessage?chat_id=1046049845

aes.plain

Extracted

Family

eternity

Wallets

47vk9PbPuHnEnazCn4tLpwPCWRLSMhpX9PD8WqpjchhTXisimD6j8EvRFDbPQHKUmHVq3vAM3DLytXLg8CqcdRXRFdPe92Q

Attributes

payload_urls
https://raw.githubusercontent.com/VolVeRFM/SilentMiner-VolVeR/main/VolVeRBuilder/Resources/xmrig.exe

Targets

- Target
  
  a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d.exe
- Size
  
  455KB
- MD5
  
  c8d9593196962fa5d706a207c16674cd
- SHA1
  
  686a8e674e6615d5cd91f7b2cba0c755054b3f69
- SHA256
  
  a50078c294c3980c23fc8da34f3fd1dc8ca042e07e0f7f67696d7035ec84700d
- SHA512
  
  5ddae80780c6091bfe0ab5e29bc63732c08ce34f677fc341366dcecf6db9e1bd2e0ed24cfe57eface0d19c6f46010f47eb2d74888b91a503dae00651c4a756bf
- SSDEEP
  
  12288:XcTpGLwWpFGIWFfDtaY4S0LEy7w0iymL/:XOpEwiFYxsEyHiyK
Score

10^/10

xworm evasion rat trojan eternity persistence
- Detect Xworm Payload
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Detects Windows executables referencing non-Windows User-Agents
- Detects executables packed with or use KoiVM
- Detects executables using Telegram Chat Bot
- Creates new service(s)
  persistence
- Stops running service(s)
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Scripting

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

xwormevasionrattrojan

behavioral2

eternityxwormevasionpersistencerattrojan

© 2018-2025

Terms | Privacy