eternity | cb470d483f2e191fa05cd9aa6d079760N[.]exe | Triage

Sharing

General

Target

cb470d483f2e191fa05cd9aa6d079760N.exe
Size

1.7MB
MD5

cb470d483f2e191fa05cd9aa6d079760
SHA1

a8124aa0553d96f24ac04eb6f4720b3f4c01bb11
SHA256

d34f79b85bfc08727eb5f9656ac33eb11a879b875d17cd8596ed80d7d0637317
SHA512

7e0f0b010cfcc083db18a80f0cdb7a1bf755473750d2f441821021802da2a5531c66a8da404ef4e04a4a1d6a75dc3a3ab9369d2633bbe39f02d3d8b0c812e8d9
SSDEEP

49152:ZrC6qy6h+kxb0ah1KPRPGZZ5mb6h+kxb0ah1:ZrJ6lb0aupPGZe6lb0a

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

Processes:

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
cb470d483f2e191fa05cd9aa6d079760N.exe

Files

cb470d483f2e191fa05cd9aa6d079760N.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ