eternity

Sharing

Copy URL

Twitter E-mail

General

Target

8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28.zip
Size

1.4MB
Sample

250315-dpsxqaxnw3
MD5

18aed24496c772c713d14a1e9bcddc97
SHA1

a5332cd58247c00307170f60079f4a51394751f0
SHA256

8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28
SHA512

1bbc75a9472b022dc24e52a20734c9e4d7e4b62f7b5e00636c47562633168c7d5015d0db6cfbd367e3542fd6a66bc85183ef8b9a90a840fc636e42a695bd2eb1
SSDEEP

24576:L6iv94ojw5o+AKeyM3v1woD0Hie41EIdgyaNI7rigF/ToQ+vKBxPpqpdnA8c:L5v9tw5oDvyMCoDAZmEIdaNYrtcQaW9/

Score

10^/10

Malware Config

Extracted

Family

eternity

Attributes

payload_urls
https://github.com/MyPrincessAkira/Jarvas/raw/main/gorm.exe

https://github.com/MyPrincessAkira/Jarvas/raw/main/Cqqjbi.exe

Extracted

Language

ps1

Source

URLs

exe.dropper

https://discord.com/api/webhooks/1207030572061429810/YCbwSoX3RSmP2FCgLJTGGO7qihDEEDzw4fc3Ryt5nF5I1-EVWYIQE9ewNP489-08kUcw

Extracted

Language

ps1

Source

URLs

exe.dropper

http://raw.githubusercontent.com/MyPrincessAkira/Jarvas/main/Cqqjbi.exe

exe.dropper

https://discord.com/api/webhooks/1207030572061429810/YCbwSoX3RSmP2FCgLJTGGO7qihDEEDzw4fc3Ryt5nF5I1-EVWYIQE9ewNP489-08kUcw

Targets

- Target
  
  Jarvas-main/Cqqjbi.exe
- Size
  
  416KB
- MD5
  
  f0d8688ee72d2bda8dbc82563a9511fc
- SHA1
  
  99a2ef9db16fecaf7f07b32aa057ad612cc9d5a5
- SHA256
  
  f92b82665c20cc5e14ddef049054a1d20527ca1792257b7b55dfc8bdd1431777
- SHA512
  
  074ca9c6cf7eb4e7a0cd1fd89f8d0f902fa4e648d2de19dac3a158121194704ae33f390bfb2bff8cc20072dead667ea591db343e2678ba91e2e05c020b2e1a37
- SSDEEP
  
  3072:f5RZ0+rDnojLQehENzR/eWlw/TH+zDinbs4hnwILH0k2n7GD/tkZVF1D9G9qqCgk:f51DCQeSNzxtMSKUpqCAgGncXX/
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Jarvas-main/gorm.exe
- Size
  
  1.3MB
- MD5
  
  e020297532c6bebd274d2099004c6c44
- SHA1
  
  62f7a2ed064f229d7c7ecc97132c8f77c0b879d6
- SHA256
  
  9e6169cc585a6e6ecbcc1f8acab931e85d89409b1db6853b1bf6de228e57bf81
- SHA512
  
  2fddb9daa09bf66486f7172710f272a4349c546724544fa90a82ecf478efcc1d72deb36caa0bf1bdfc56a88081d07eeed1fb0364ec6cac50af09ae83a026c7e4
- SSDEEP
  
  24576:3ZkH+O5MMsj/8oJ0HOgwzMIdEyaXC772Q9NXw2/wPOjdGxY:3mHZ5MMpoJOp+MIVai7Tq24GjdGS
Score

10^/10

eternity discovery
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Eternity family
  eternity
behavioral3 behavioral4
- Target
  
  Jarvas-main/hook.dat
- Size
  
  952B
- MD5
  
  e979804043a21c7ad61caf42cb1aca09
- SHA1
  
  0dd7c61250f4b8376ef53296e1ac2e9020277f0d
- SHA256
  
  aa0b85d331e09570ca1523f674c7f69dc7e6f1ea2019530c4316bf48d4496261
- SHA512
  
  e0d9e6bcedfacc47a80c1403068baf3c5c29126652c5f683bb3b52a34f3f061a9d89d76b9a10b1da72e623e3a140ddc1781fe34372d1b492f1050756beb9aaea
Score

8^/10

execution
- Blocklisted process makes network request
- Legitimate hosting services abused for malware hosting/C2
behavioral5 behavioral6
- Target
  
  Jarvas-main/injection.js
- Size
  
  29KB
- MD5
  
  9e83c3a899236ccc30ded8eae1eea049
- SHA1
  
  3c495c862392c56ea2fcbf63ecaab90bb5b7ab86
- SHA256
  
  8fb880c1abbae06767a975b0d3405539a777a35375a678c594c906616fc111af
- SHA512
  
  563b76895a30875add278f18c7f7c24ee00ad229d4f026096d39a57fe68549ada826d4f1725e43e14aad1fab8788017077199526fe5e89942a538c4679a861d6
- SSDEEP
  
  768:DlHz9ME3yRxF+0OoYhHgrxUuXro/zQqOnQn+nJnwnf+:JHiR0Ar/rXQ+Jwf+
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  Jarvas-main/pwer.dat
- Size
  
  803B
- MD5
  
  057991cdd74c99f85826bd50f42b005e
- SHA1
  
  5fcebeb2f7b5cbaad96f9c856982a113a8c2a2a5
- SHA256
  
  189d277a659f40821575c8cd6d4765c80cf1320c3eb52c96954d66b6320c7a5f
- SHA512
  
  19b989ccb9145eb70fddf59a0300d37bb3d327e736deab42233b9cd50e90daa0720d6dab615e8edaf3ce42587bcb83566854f8b8c7a07df5d6c716e6eb6a2326
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Eternity family

Blocklisted process makes network request

Legitimate hosting services abused for malware hosting/C2

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10