eternity | 8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28.zip
Size

1.4MB
MD5

18aed24496c772c713d14a1e9bcddc97
SHA1

a5332cd58247c00307170f60079f4a51394751f0
SHA256

8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28
SHA512

1bbc75a9472b022dc24e52a20734c9e4d7e4b62f7b5e00636c47562633168c7d5015d0db6cfbd367e3542fd6a66bc85183ef8b9a90a840fc636e42a695bd2eb1
SSDEEP

24576:L6iv94ojw5o+AKeyM3v1woD0Hie41EIdgyaNI7rigF/ToQ+vKBxPpqpdnA8c:L5v9tw5oDvyMCoDAZmEIdaNYrtcQaW9/

Score

10^/10

eternity

Malware Config

Extracted

Family

eternity

Attributes

payload_urls
https://github.com/MyPrincessAkira/Jarvas/raw/main/gorm.exe

https://github.com/MyPrincessAkira/Jarvas/raw/main/Cqqjbi.exe

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1207030572061429810/YCbwSoX3RSmP2FCgLJTGGO7qihDEEDzw4fc3Ryt5nF5I1-EVWYIQE9ewNP489-08kUcw

Extracted

Language

ps1

Source

URLs

exe.dropper

http://raw.githubusercontent.com/MyPrincessAkira/Jarvas/main/Cqqjbi.exe

exe.dropper

https://discord.com/api/webhooks/1207030572061429810/YCbwSoX3RSmP2FCgLJTGGO7qihDEEDzw4fc3Ryt5nF5I1-EVWYIQE9ewNP489-08kUcw

Signatures

Eternity family
eternity

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Jarvas-main/Cqqjbi.exe
unpack001/Jarvas-main/gorm.exe

Files

8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28.zip
.zip
Jarvas-main/Cqqjbi.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 367KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Jarvas-main/README.md
Jarvas-main/dwnld_url_for_desc.txt
Jarvas-main/engagement.txt
Jarvas-main/engagement_comments.txt
Jarvas-main/gorm.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Jarvas-main/hook.dat
.ps1
Jarvas-main/injection.js
.js
Jarvas-main/pwer.dat
.ps1
Jarvas-main/update.txt
Jarvas-main/version.txt
Jarvas-main/videos_redirect.txt

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 367KB - Virtual size: 366KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 367KB - Virtual size: 366KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B