eternity | cd72f8f3af6f9d098b3da55db5f7869ab75ec679e0c302f790faffc0fa6c47b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

869395ac2a...18.exe

windows7-x64

869395ac2a...18.exe

windows10-2004-x64

Sharing

General

Target

869395ac2a88f6de036daf942d0b86d9_JaffaCakes118
Size

913KB
Sample

241102-vnj2vszfke
MD5

869395ac2a88f6de036daf942d0b86d9
SHA1

42fbe6f668153bcb850c13677efe924e835c229f
SHA256

cd72f8f3af6f9d098b3da55db5f7869ab75ec679e0c302f790faffc0fa6c47b5
SHA512

e2e8492442edcfec16553def0cae3361f744bc8f095b4863dbc745ac3e72c75e1be83bbb0bb69da4f74fcaaba2b35123222706508c0d1f0e05e22cbcb75390d9
SSDEEP

24576:rMYtHtnX4mHxjdibimBr4aOCZv4NPjgcwmIlSklG9:dtHtnX4mHObiMr4HCZvRzlJl

Score

10^/10

eternity evasion stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

869395ac2a88f6de036daf942d0b86d9_JaffaCakes118.exe

Resource

win7-20240903-en

eternity evasion stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

869395ac2a88f6de036daf942d0b86d9_JaffaCakes118.exe

Resource

win10v2004-20241007-en

eternity evasion stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  869395ac2a88f6de036daf942d0b86d9_JaffaCakes118
- Size
  
  913KB
- MD5
  
  869395ac2a88f6de036daf942d0b86d9
- SHA1
  
  42fbe6f668153bcb850c13677efe924e835c229f
- SHA256
  
  cd72f8f3af6f9d098b3da55db5f7869ab75ec679e0c302f790faffc0fa6c47b5
- SHA512
  
  e2e8492442edcfec16553def0cae3361f744bc8f095b4863dbc745ac3e72c75e1be83bbb0bb69da4f74fcaaba2b35123222706508c0d1f0e05e22cbcb75390d9
- SSDEEP
  
  24576:rMYtHtnX4mHxjdibimBr4aOCZv4NPjgcwmIlSklG9:dtHtnX4mHObiMr4HCZvRzlJl
Score

10^/10

eternity evasion stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Eternity family
  eternity
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Windows security modification
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

eternityevasionstealertrojan

behavioral2

eternityevasionstealertrojan

© 2018-2024

Terms | Privacy