eternity | 3a07fecfc2d41835f93f3891ce90807895129d27487b40d00b28290753277cda | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

3a07fecfc2d41835f93f3891ce90807895129d27487b40d00b28290753277cda
Size

341KB
Sample

220930-1a1qcaehe6
MD5

2009eaf75113479d47800afa0912bc86
SHA1

21b702e6c52961658b76c9ae2a0446763b655fe7
SHA256

3a07fecfc2d41835f93f3891ce90807895129d27487b40d00b28290753277cda
SHA512

457081954a6705f1d3d934c648219f0ea16e3dd2c7af4d843c00dad132491631e6aeb7439693c88060dda9e9143b4f9141dce8aee1a0e65bff97de991ae4017b
SSDEEP

6144:ia4VhHCa1jUcLLz60VJarxFGVKbSxps19TUtTvEXcIROt3l2+C0O9:i9VhjnzBbpsQTOOyP0

Score

10^/10

eternity collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

3a07fecfc2d41835f93f3891ce90807895129d27487b40d00b28290753277cda.exe

Resource

win10v2004-20220901-en

eternity collection spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

eternity

C2

http://rlcjba7wduej3xcstcjo577eqgjsjvcjfsw4i23fqvf2y27ylylhmhad.onion

Targets

- Target
  
  3a07fecfc2d41835f93f3891ce90807895129d27487b40d00b28290753277cda
- Size
  
  341KB
- MD5
  
  2009eaf75113479d47800afa0912bc86
- SHA1
  
  21b702e6c52961658b76c9ae2a0446763b655fe7
- SHA256
  
  3a07fecfc2d41835f93f3891ce90807895129d27487b40d00b28290753277cda
- SHA512
  
  457081954a6705f1d3d934c648219f0ea16e3dd2c7af4d843c00dad132491631e6aeb7439693c88060dda9e9143b4f9141dce8aee1a0e65bff97de991ae4017b
- SSDEEP
  
  6144:ia4VhHCa1jUcLLz60VJarxFGVKbSxps19TUtTvEXcIROt3l2+C0O9:i9VhjnzBbpsQTOOyP0
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

© 2018-2024

Terms | Privacy