eternity

Sharing

Copy URL

Twitter E-mail

General

Target

Hugo Proxy.zip
Size

4.5MB
Sample

240329-eyshzsac47
MD5

40c6cbf64b7755512e9b4adcee7a2074
SHA1

ce92efa71a52373a03dd66e9d1162d907af1493a
SHA256

d2fc1583538a5b41a0f4ea02b03e099ae95e5df7a55bf9b57c4246b21392d389
SHA512

d2a29cd1ceebee1c1307ec628c49e056a832127e7943e043a706d633b1800ea6d7c6d542b4839924985fa5d4168fd150cefdcfc83513142953f0599ca230a469
SSDEEP

98304:FNEzQ39PxWwM8WIFnf7S1zpgH+5GEeETRJm0LP0Mq5irfuVRGJr6fNo0R:F6+51M8txV+5GvoYMq5Gf556S0R

Score

10^/10

eternity stealer

Malware Config

Targets

- Target
  
  Hugo Proxy.zip
- Size
  
  4.5MB
- MD5
  
  40c6cbf64b7755512e9b4adcee7a2074
- SHA1
  
  ce92efa71a52373a03dd66e9d1162d907af1493a
- SHA256
  
  d2fc1583538a5b41a0f4ea02b03e099ae95e5df7a55bf9b57c4246b21392d389
- SHA512
  
  d2a29cd1ceebee1c1307ec628c49e056a832127e7943e043a706d633b1800ea6d7c6d542b4839924985fa5d4168fd150cefdcfc83513142953f0599ca230a469
- SSDEEP
  
  98304:FNEzQ39PxWwM8WIFnf7S1zpgH+5GEeETRJm0LP0Mq5irfuVRGJr6fNo0R:F6+51M8txV+5GvoYMq5Gf556S0R
Score

1^/10
behavioral1 behavioral2
- Target
  
  Hugo Proxy/Hugo Proxy.exe
- Size
  
  3.3MB
- MD5
  
  8c3eade804e008553d55f87c8898e261
- SHA1
  
  aa147d628faf0f37b72205c0e1dc46106bb01c5d
- SHA256
  
  6c2a1d5c6c6022282e496e138ad6a372a0bf6c8b079799cb96d93a6be456964d
- SHA512
  
  5d75d0a5d29c8b9f7422acc2b659b4ee839ff678db25cf0e11ec0cf646a15cff33175847fc432e070fc6fef3e08b3b8fa659a39cf625873ee0d0b07dd182a3e5
- SSDEEP
  
  98304:ArphCyxSSTaVpyoF2gWl59NimUCMdyer:QhCyl4xMhp
Score

10^/10

eternity stealer
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral3 behavioral4
- Target
  
  Hugo Proxy/items.dat
- Size
  
  2.9MB
- MD5
  
  b28488d1286c7593c834648188983c4c
- SHA1
  
  49aa22884d7fbad040de3177d81262bb92b711b3
- SHA256
  
  79e93fde40b822110e003f63faa553bd8dae8192468b51fb9a7be363a5f01a2f
- SHA512
  
  00a05c471a08f3dec9005a551b2f7c9be47a0b3d4e4f01b84ac2e3bc1691764d2957dcd5a075a923231cc1be024e5804e742d253e64d907eb77e3d2a83283e82
- SSDEEP
  
  12288:2100lJqs03acUnuTn6IIM3s2NbmuI2PI1FLfm:21A3lEuTn6IIM3s2vPInm
Score

3^/10
behavioral5 behavioral6
- Target
  
  Hugo Proxy/libcrypto-3-x64.dll
- Size
  
  4.3MB
- MD5
  
  b6193aea589adc707aa0945bb925e535
- SHA1
  
  68e38599c8dfae7f062634dd96a3663f42b0edc7
- SHA256
  
  04c8a659ce80849be4812631b8115f6899cd73ad7f8e77b8b4b6761254125ded
- SHA512
  
  b9ffef8401d577ba016b455776acc2052b40ae3edc7171234714d0f907dc760e1f1b07f56c68affd667ed5ebd277989f9800a67b2fa7c943bc9aa72f3cd86391
- SSDEEP
  
  98304:vQ+lMO3/Okk/b2hp75brhPZLi1CPwDvt3uF+DCR:oZY/OkNhp75brhRLi1CPwDvt3uF+DCR
Score

1^/10
behavioral7 behavioral8
- Target
  
  Hugo Proxy/libssl-3-x64.dll
- Size
  
  537KB
- MD5
  
  0515dde871d891d9c06d87e248f29519
- SHA1
  
  dbf5cf732e335a09f52f115a53c8eebf1796b88a
- SHA256
  
  6713ee6674ca2a4b95b2d74ff81fa25f265cd133b51ae212fc6d87a36d04b0db
- SHA512
  
  a4669d7393aad69ba9dbf3332fec3e769facde4f3f8c50e4b91887844f3e98424a3f21a393f9befd18da257079017a18c396b081ca5530bf6a4effa3417c2c00
- SSDEEP
  
  6144:1KdkO9yFc4oofJHxiipacDoQ4PRdyRWO+blAAsKT6z4KHavRLRf01sQi7P8kz:1q9uXBxieaOoQ2wPKe8j01sQi4k
Score

1^/10
behavioral10 behavioral9
- Target
  
  Hugo Proxy/readme.txt
- Size
  
  185B
- MD5
  
  2a248f0a028b25db753fb0bb061ebca2
- SHA1
  
  719286b2d19ae4839b2ce80cbe61f619fb63b1e9
- SHA256
  
  e5b2b391d9c6e12c78f098496ecc033726faced97bfaa8a95a4ea9d11b082ae6
- SHA512
  
  b871dcd02caaea24abc45e33c6eed4b6999ebd5d6ddb1f3b3d976535fe5c9be64e0c82df29faf52859ac0cf80a4ffcebeb2f343444bc583335922ff3423dfb57
Score

1^/10
behavioral11 behavioral12
- Target
  
  Hugo Proxy/save/clothes/ances1.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral13 behavioral14
- Target
  
  Hugo Proxy/save/clothes/ances2.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral15 behavioral16
- Target
  
  Hugo Proxy/save/clothes/hair1.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral17 behavioral18
- Target
  
  Hugo Proxy/save/clothes/hair2.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral19 behavioral20
- Target
  
  Hugo Proxy/save/clothes/hand1.txt
- Size
  
  3B
- MD5
  
  5ef698cd9fe650923ea331c15af3b160
- SHA1
  
  b00168585f7b81b68f0ef02ffa919c710fb6f592
- SHA256
  
  600b4cdf20cc06a7b5a5cca5f7464296861815519af6d8a14604201b13965ab8
- SHA512
  
  6cd1745b4121bc58385d621d75d57363d44ef9e1f3377f99a17f33fa834f19d931571222758281cfbe10e4f7ebad367793734cf142fd3ac733582b37b7c7e030
Score

1^/10
behavioral21 behavioral22
- Target
  
  Hugo Proxy/save/clothes/hand2.txt
- Size
  
  5B
- MD5
  
  d585d095b00cd2f5b50acb64add23834
- SHA1
  
  f5f9253daec4cfa0f1cb814ecbf69d7ffbdccae8
- SHA256
  
  238a789cca70494d8750b9854d8444549481aa50b1b55279d77c3aca7e1ba9a4
- SHA512
  
  59c9e7f6ba21cfa0083550a845d742a1435eb8e4c326b08883a74bcc7534d89019a3240cdb18fda65995517d92ca67777811851d2472c1619c93563aef9b44c1
Score

1^/10
behavioral23 behavioral24
- Target
  
  Hugo Proxy/save/clothes/hat1.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral25 behavioral26
- Target
  
  Hugo Proxy/save/clothes/hat2.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral27 behavioral28
- Target
  
  Hugo Proxy/save/clothes/neck1.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral29 behavioral30
- Target
  
  Hugo Proxy/save/clothes/neck2.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Eternity stealer

Drops file in Drivers directory

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32