eternity | e42a1f5775b6daddf2fef6bf8eb94edd4acf2bbeb6cc278b375feaba1fb030a6 | Triage

Sharing

General

Target

file.exe
Size

338KB
Sample

230108-je84vada68
MD5

642e0040f19abfd800e1d663bbf2beac
SHA1

dee05541bb1d9b17f423b6fff28dfb1f8a306b6d
SHA256

e42a1f5775b6daddf2fef6bf8eb94edd4acf2bbeb6cc278b375feaba1fb030a6
SHA512

7710a84eef58c854509612d638520cee400dd9ae33e67ad60863d998fd53c566ee12276253b8249009ccacb8b0b3f3b53169a1eb7638071a908d9907d71ed538
SSDEEP

6144:hAxuJ+/s7kFkfuauSOqv8Y/+0ueMFbrDLmYSVk/Pt6D5vT2aKQu8htbzV99DkR/3:hAxuJ+/soM/+0ueMFbrHcgQu8hBORZV

Score

10^/10

eternity collection spyware stealer

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  file.exe
- Size
  
  338KB
- MD5
  
  642e0040f19abfd800e1d663bbf2beac
- SHA1
  
  dee05541bb1d9b17f423b6fff28dfb1f8a306b6d
- SHA256
  
  e42a1f5775b6daddf2fef6bf8eb94edd4acf2bbeb6cc278b375feaba1fb030a6
- SHA512
  
  7710a84eef58c854509612d638520cee400dd9ae33e67ad60863d998fd53c566ee12276253b8249009ccacb8b0b3f3b53169a1eb7638071a908d9907d71ed538
- SSDEEP
  
  6144:hAxuJ+/s7kFkfuauSOqv8Y/+0ueMFbrDLmYSVk/Pt6D5vT2aKQu8htbzV99DkR/3:hAxuJ+/soM/+0ueMFbrHcgQu8hBORZV
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

behavioral2

eternitycollectionspywarestealer