eternity | ffb46e1539df5512e0710ea41370077f07eebddfb8e99033eba3fb1aefb04bc3 | Triage

Submit
Reports

Overview

overview

Static

static

Booking_026.xlsm

windows7-x64

Booking_026.xlsm

windows10-2004-x64

Sharing

General

Target

Booking_026.xlsm
Size

1.2MB
Sample

230111-smedwadc94
MD5

f2736bb56b73534ce57add5454f42b8f
SHA1

273d466b07ffb107b2579571be093dacbd12f493
SHA256

ffb46e1539df5512e0710ea41370077f07eebddfb8e99033eba3fb1aefb04bc3
SHA512

55ef2b0bd23f06e01d53b5f2056f61f94e96751d6340c3731f52e11d383fc7ef03d554779961524afe4169c971534df96960c698043647db407fb8858b002ed6
SSDEEP

24576:2ojjzzhyHX9gTt+pb9sUjFW9nfQ3ASh++q5d6IZLRDiiW7jaVxOldI41a:tbzsOt+R9To9I3Yx5d6IZVeT7mVolmIa

Score

10^/10

eternity collection spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Booking_026.xlsm

Resource

win7-20220812-en

eternity collection spyware stealer

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

Booking_026.xlsm

Resource

win10v2004-20221111-en

eternity collection spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  Booking_026.xlsm
- Size
  
  1.2MB
- MD5
  
  f2736bb56b73534ce57add5454f42b8f
- SHA1
  
  273d466b07ffb107b2579571be093dacbd12f493
- SHA256
  
  ffb46e1539df5512e0710ea41370077f07eebddfb8e99033eba3fb1aefb04bc3
- SHA512
  
  55ef2b0bd23f06e01d53b5f2056f61f94e96751d6340c3731f52e11d383fc7ef03d554779961524afe4169c971534df96960c698043647db407fb8858b002ed6
- SSDEEP
  
  24576:2ojjzzhyHX9gTt+pb9sUjFW9nfQ3ASh++q5d6IZLRDiiW7jaVxOldI41a:tbzsOt+R9To9I3Yx5d6IZVeT7mVolmIa
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

behavioral2

eternitycollectionspywarestealer

© 2018-2025

Terms | Privacy