eternity | a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61 | Triage

Sharing

General

Target

KRNLWRD.rar
Size

6.8MB
Sample

240704-ylbjgswbjl
MD5

0543fb19e06332230138146e743561d1
SHA1

eda5c083624948c1388ba73c33447c97ddea7f41
SHA256

a5236b3142e898d26bf6f106029a3dafc72960eb4949b1ebb59cac601364fd61
SHA512

e7d934d87b730b484c578f3db648224cc192f292a1f9434a655719015da440b4d15458348a85c2f88d0b6808ae032a3f082f12d1b53fb0a7405425d95f7a358e
SSDEEP

196608:MplB+dQH+kpC8eMpApf9aBHjHEhp5vKtMtSuJ1414:AlByWp2fglr2DVF

Score

10^/10

eternity execution spyware stealer

Malware Config

Targets

- Target
  
  KRNLWRD/Bunifu_UI_v1.5.3.dll
- Size
  
  236KB
- MD5
  
  2ecb51ab00c5f340380ecf849291dbcf
- SHA1
  
  1a4dffbce2a4ce65495ed79eab42a4da3b660931
- SHA256
  
  f1b3e0f2750a9103e46a6a4a34f1cf9d17779725f98042cc2475ec66484801cf
- SHA512
  
  e241a48eafcaf99187035f0870d24d74ae97fe84aaadd2591cceea9f64b8223d77cfb17a038a58eadd3b822c5201a6f7494f26eea6f77d95f77f6c668d088e6b
- SSDEEP
  
  6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
Score

1^/10
behavioral1
- Target
  
  KRNLWRD/ScintillaNET.dll
- Size
  
  1.3MB
- MD5
  
  9166536c31f4e725e6befe85e2889a4b
- SHA1
  
  f0cd8253b7e64157d39a8dc5feb8cf7bda7e8dae
- SHA256
  
  ad0cc5a4d4a6aae06ee360339c851892b74b8a275ce89c1b48185672179f3163
- SHA512
  
  113a7b77d2d557d135470787deead744d42f8292d853e2b55074e9cb3591fd045ffd10e5c81b5c15dde55861b806363568611e591ae25dcb31cf011da7e72562
- SSDEEP
  
  24576:IJSShz305vgNF7/cOCPHPSVs4Eq+QTNX+cfQdS+2MMPishd/Ws5:ti0aNvoHqs4L95X+cfx/HGC
Score

10^/10

eternity execution spyware stealer
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral2
- Target
  
  KRNLWRD/autoexec.lnk
- Size
  
  1KB
- MD5
  
  4093f1e5a6222a64baf60a90e2b82cc3
- SHA1
  
  e9b8175224ad7c715fa2f08b79dbf864597f33fe
- SHA256
  
  b05e77d756a0970c0e8345ccc53b637b9f3926e788bbf5c1bbbb2bbff4d82348
- SHA512
  
  594685509699d205845f2843853e5e6c5e8b3a2950f34e40fa9395584df257f891d5ff86120f53c077ff7346cd03907eb33913f25be5ca860e6272416cd70c23
Score

3^/10
behavioral3
- Target
  
  KRNLWRD/injector.dll
- Size
  
  19KB
- MD5
  
  a4db6b21f7398882100909f37c1067a4
- SHA1
  
  7b2a61d09e4959f4578b556196a8405a2f6e45f3
- SHA256
  
  d986554d185d3f4e827a1287322210ff6a143ed723d203efbf00a8757aa13714
- SHA512
  
  42bafe3ef80a748db64dfc88a159a06ee33cecb3f709f01d9c1a9e38d3ab81008f3226963c1c2e926f5e4b6e9442fd2f8a89b0fa5425d04db869cf7be7bddd31
- SSDEEP
  
  384:5xE24iKOgW7+uPOxQkWWma3NCx7cTuOJ9jIwq6Am:5JVKVxPXWWmgIx7cKOEZFm
Score

1^/10
behavioral4
- Target
  
  KRNLWRD/krnl.dll
- Size
  
  5.3MB
- MD5
  
  e9921b7d3ff7044834e0c5998270cd0c
- SHA1
  
  e30c5794dbc92578d5bbd23d095a4a256caf4912
- SHA256
  
  c0e5c51445b189f8a17529ce8fce8d11ed7f99211e19684228fdd12366c458ab
- SHA512
  
  8a9a83050fee7084caa606f5e26018d4ce4b0a7a10e481fcdd8b1eae6c7b459dbe633b5b4b03b91d49427481f9e03880a64418a7e52ad6c06d25de98692a028e
- SSDEEP
  
  98304:QsK42Kx51uNmHTgZk74mqBjqSQWJuR7iGsMPD4nBx1GyePSByA5Pzm:Iwr154XBJQWaKSsnBv6a5Pz
Score

3^/10
behavioral5
- Target
  
  KRNLWRD/krnl.exe
- Size
  
  1.2MB
- MD5
  
  fb3a52d1045b1a0298668f2d77680306
- SHA1
  
  e16d5085977f1b895b7b2a046570b2da474add86
- SHA256
  
  8869c44219364f911548cb18da0cc6413b3277d3a8a8df18d0a521b558830d6e
- SHA512
  
  e19ce4c86ef8bf2ab25b4da67bf83acef5a8e688abfd3f96e8dec8169ce410c833df7685b6fb0b7489cf90ca51c56cd7264e8b2a94865aea5e5dacd4c5b7f44f
- SSDEEP
  
  12288:LMqP5hP0pwI7+G70EE/0GGGGGGhGGGGxdoM43nwVkokbtkK:LZEpRC4ysGGGGGGhGGGGx1Vpstz
Score

1^/10
behavioral6
- Target
  
  KRNLWRD/workspace.lnk.lnk
- Size
  
  1KB
- MD5
  
  b24aa4c070dcbe2c4b4123f65e239724
- SHA1
  
  5ac5fcaebbedea247a6fdc6905c6640d5b4c66f6
- SHA256
  
  a1bb2847ca301059384d736f1e977c694b69f5dd32249298f09a781f560fccf7
- SHA512
  
  11bbe6abb1f5e2375ddad981aaa8be1a05c83730afad2bb81ac87002153a3ff6a30bd1695343d6e08b16ea1a66cd943fd3215a233599c201183e1ab8b10869e9
Score

3^/10
behavioral7

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

eternityexecutionspywarestealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7