MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

EternityStealer
Vendor detections: 7



SHA256 hash: 8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28
SHA3-384 hash: 3599843d7505385a53a3f402009df3c4998b4df3c7d50e0b5076573fa52ac03057922670a0f1f0340aeed2408169bb34
SHA1 hash: a5332cd58247c00307170f60079f4a51394751f0
MD5 hash: 18aed24496c772c713d14a1e9bcddc97
humanhash: single-oranges-twelve-island
File name: Jarvas-main.zip
Signature: EternityStealer
File size: 1'463'470 bytes
First seen: 2025-03-14 12:34:52 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:L6iv94ojw5o+AKeyM3v1woD0Hie41EIdgyaNI7rigF/ToQ+vKBxPpqpdnA8c:L5v9tw5oDvyMCoDAZmEIdaNYrtcQaW9/
TLSH: T1956533C8A83AC814AEE0F85D95E4006C159A4C3CB5497FBA46B871F89C5DC4F0E676BF
Magika: zip
Reporter: JAMESWT_WT
Tags: EternityStealer MyPrincessAkira-Jarvas zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: IT
File Archive Information

This file archive contains 11 file(s), sorted by their relevance:

File name: Cqqjbi.exe
File size: 426'496 bytes
SHA256 hash: f92b82665c20cc5e14ddef049054a1d20527ca1792257b7b55dfc8bdd1431777
MD5 hash: f0d8688ee72d2bda8dbc82563a9511fc
MIME type: application/x-dosexec
Signature: EternityStealer

File name: pwer.dat
File size: 803 bytes
SHA256 hash: 189d277a659f40821575c8cd6d4765c80cf1320c3eb52c96954d66b6320c7a5f
MD5 hash: 057991cdd74c99f85826bd50f42b005e
MIME type: text/plain
Signature: EternityStealer

File name: gorm.exe
File size: 1'354'240 bytes
SHA256 hash: 9e6169cc585a6e6ecbcc1f8acab931e85d89409b1db6853b1bf6de228e57bf81
MD5 hash: e020297532c6bebd274d2099004c6c44
MIME type: application/x-dosexec
Signature: EternityStealer

File name: update.txt
File size: 27 bytes
SHA256 hash: 397859f15bacdab0713bfa7dad0fac0d76ad80a0e6011d46b1406a0739818aa9
MD5 hash: 7ed9f84704a76e40b3db20e96424587f
MIME type: text/plain
Signature: EternityStealer

File name: engagement.txt
File size: 1'318 bytes
SHA256 hash: 2c5e04c4295a54f1e9544daee802d0ed9256c78dbc4db38b1cf6341229f23f19
MD5 hash: 7f3dbd45bda36caed46473a01c4e044d
MIME type: text/plain
Signature: EternityStealer

File name: README.md
File size: 92 bytes
SHA256 hash: 6faaca645a7bb4346033a31afffe2bef3e6c829b280d2211dc17f612a8ea2339
MD5 hash: 5ad4de33c0a6796a1e22ae9697b87f2b
MIME type: text/plain
Signature: EternityStealer

File name: engagement_comments.txt
File size: 1'953 bytes
SHA256 hash: 3dc6b6e9d68915fa4abc4321be90137de4fab8e99aa502669fa22b39709ba0f4
MD5 hash: af8733b1f5da16128693b43614377eca
MIME type: text/plain
Signature: EternityStealer

File name: hook.dat
File size: 952 bytes
SHA256 hash: aa0b85d331e09570ca1523f674c7f69dc7e6f1ea2019530c4316bf48d4496261
MD5 hash: e979804043a21c7ad61caf42cb1aca09
MIME type: text/plain
Signature: EternityStealer

File name: dwnld_url_for_desc.txt
File size: 29 bytes
SHA256 hash: 502c23cbcdcaf52c7cb41a653a25ae915cc241ec5feffe35c9b7f7844462ce42
MD5 hash: 67c688997b7702afc76b7194c284370f
MIME type: text/plain
Signature: EternityStealer

File name: videos_redirect.txt
File size: 325 bytes
SHA256 hash: 9e3f8c11046f18a290712737730d062629bdb729c9139d6ee434bdb4324cb654
MD5 hash: 1555f286792e59867ac598688b677e86
MIME type: text/plain
Signature: EternityStealer

File name: injection.js
File size: 30'185 bytes
SHA256 hash: 8fb880c1abbae06767a975b0d3405539a777a35375a678c594c906616fc111af
MD5 hash: 9e83c3a899236ccc30ded8eae1eea049
MIME type: text/x-c++
Signature: EternityStealer
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: agenttesla virus msil

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: hacktool obfuscated obfuscated packed packed packer_detected

Threat name: ByteCode-MSIL.Backdoor.Remcos
Status: Malicious
First seen: 2025-03-14 12:28:34 UTC
File Type: Binary (Archive)
Extracted files: 30
AV detection: 21 of 24 (87.50%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_powershell
Author: daniyyell
Description: Detects suspicious PowerShell activity related to malware execution

Rule name: Detect_PowerShell_Obfuscation
Author: daniyyell
Description: Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name: Disable_Defender
Author: iam-py-test
Description: Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

Rule name: Discord_APIs

Rule name: dsc
Author: Aaron DeVera
Description: Discord domains

Rule name: MALW_JS_PirateStealerPKG
Author: skyeto
Description: PirateStealer Malware
Reference: https://twitter.com/skyetothefox/status/1444442313367998467

Rule name: NET
Author: malware-lu

Rule name: NETexecutableMicrosoft
Author: malware-lu

Rule name: pe_imphash

Rule name: Skystars_Malware_Imphash
Author: Skystars LightDefender
Description: imphash

Rule name: Suspicious_Latam_MSI_and_ZIP_Files
Author: eremit4, P4nd3m1cb0y
Description: Detects suspicious .msi and .zip files used in Latam banking trojan campaigns.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

Rule name: win_Eternity
Author: 0xToxin
Description: Eternity function routines

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: EternityStealer
File type: zip
SHA256 hash: 8d54a029d39b25fbf88fc27e1a7e0d04b2d4e3fe90e8a445b3ce5b4093f14b28 (this sample)

Distributed via web download
