eternity | 3c16b60156f99fd71fb8e5d03d3ab0db7b3a32b7279d2095da22a756543bf46a | Triage

Submit
Reports

Overview

overview

Static

static

BPL_100332_063.exe

windows7-x64

BPL_100332_063.exe

windows10-2004-x64

Sharing

General

Target

3C16B60156F99FD71FB8E5D03D3AB0DB7B3A32B7279D2095DA22A756543BF46A
Size

238KB
Sample

221208-ye4lpaeb3y
MD5

d8d436c63f793b9c7c409313c1a77116
SHA1

e000cdcdfc63074124c1315c3cfa8a100b128e9d
SHA256

3c16b60156f99fd71fb8e5d03d3ab0db7b3a32b7279d2095da22a756543bf46a
SHA512

fcf33368c92ba431e3d3bf0f6df557b423cdd647bf8d5e6b26d24dcde7f9a890978b40b6bed29a354ec8c15c3247daaf450d156fb2ffb5742ff646c8b4e7102f
SSDEEP

6144:GYOTFKIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERw9/c26pnBif07WbkPOvpmA8J:K1baoC

Score

10^/10

eternity collection persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

BPL_100332_063.exe

Resource

win7-20221111-en

eternity collection persistence spyware stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

BPL_100332_063.exe

Resource

win10v2004-20220812-en

eternity collection persistence spyware stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  BPL_100332_063.exe
- Size
  
  186KB
- MD5
  
  1dc08e9d37cb4471febeeac372fd8eb3
- SHA1
  
  957ca47bc57d060eadc10ba398502579f7d95739
- SHA256
  
  ebb8daca0f8313047a111e04e7a7cc7bac4566a3e0f3900b2b78af2b316b0b39
- SHA512
  
  0231bba86d283d96001d7fb9bb236f51f9c661ee51d5880e1a22e37d2fd3340ebe3d542cb99e30763b7310bdb9d01dc493b9bae0215f900522f4d07699bedd90
- SSDEEP
  
  3072:4Dkr2mOTVSUXKIihzjv1Lx4NNCQe55USsOh0QFYcbLyxjERwOI/c26pnBif07Wbn:oYOTFKIihzjv1Lx4NNCQe55USsOh0QF7
Score

10^/10

eternity collection persistence spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

eternitycollectionpersistencespywarestealer

behavioral2

eternitycollectionpersistencespywarestealer

© 2018-2024

Terms | Privacy