eternity

General

Target

Silvestras Premium Proxy.zip
Size

4.6MB
Sample

250102-gyzneaxlfx
MD5

c896589cb776f360eb2b6f145f3f53f2
SHA1

5660dfaeeda5ff7594b8b3ea68e290331364b33a
SHA256

e2309c682f782d178c25ed497026f05e6528bf3de4869ac7d7530a6360895592
SHA512

c1c12a77f8bdb89a8a5e442317444e087513b66321822961b14e2c63818932ed6d36b3dd1057622c03325d7085488199e2243d3f5b3f92f3d15d5fefa7edb20b
SSDEEP

98304:jNQB3kVkq8KsLyQgIElkFF2dDix2dfPkDgvm3mDWx7ykyUQ:jNZkqxsW+FU1I6fcDYWVyUQ

Score

10^/10

Malware Config

Targets

- Target
  
  Silvestras Premium Proxy.zip
- Size
  
  4.6MB
- MD5
  
  c896589cb776f360eb2b6f145f3f53f2
- SHA1
  
  5660dfaeeda5ff7594b8b3ea68e290331364b33a
- SHA256
  
  e2309c682f782d178c25ed497026f05e6528bf3de4869ac7d7530a6360895592
- SHA512
  
  c1c12a77f8bdb89a8a5e442317444e087513b66321822961b14e2c63818932ed6d36b3dd1057622c03325d7085488199e2243d3f5b3f92f3d15d5fefa7edb20b
- SSDEEP
  
  98304:jNQB3kVkq8KsLyQgIElkFF2dDix2dfPkDgvm3mDWx7ykyUQ:jNZkqxsW+FU1I6fcDYWVyUQ
Score

10^/10

eternity evasion execution spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Eternity family
  eternity
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
behavioral1 behavioral2
- Target
  
  Silviozas Premium Proxy V3.85984.exe
- Size
  
  5.0MB
- MD5
  
  628f62f1001ff7705103ab9f5ef5ffd1
- SHA1
  
  6748a7dc711fdcf2787f8634a0287ea382cbd690
- SHA256
  
  59f927e858a8cdf2330099c7b18b3f74bc6616d67b11e174aab539bd7aff067a
- SHA512
  
  6eb4d989dff77528b86c866fe63c088e3c3b67bc01c5017cd9a814aebee96bfd49982d760a093371a2529ef9ee84b65194f98c3ba4f4d11a7e120725d65129c2
- SSDEEP
  
  98304:SrjYFpk1kqeK+h2qwqYNorcrLEtwZJJuRWpAFyFSB76Z:C9kqX+QmrcrLm4JMRuS8
Score

10^/10

eternity evasion execution spyware stealer trojan discovery
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Eternity family
  eternity
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
behavioral3 behavioral4