eternity | 164df1aecac769eb2d9485abcb776f9ee55fc1e297c5b8b2bc50009e786d41b2 | Triage

Submit
Reports

Overview

overview

Static

static

newsoftwar...er.exe

windows7-x64

newsoftwar...er.exe

windows10-2004-x64

Sharing

General

Target

newsoftware-tester.exe
Size

6KB
Sample

230201-yyz3lsdf4z
MD5

d785e46b0d269b0578dcfd1b90375a6a
SHA1

d1c4a196f24f0659c29fb05e99e690c87bf6d673
SHA256

164df1aecac769eb2d9485abcb776f9ee55fc1e297c5b8b2bc50009e786d41b2
SHA512

ea93bf91f0035a2996f227e04ccca718a9a470ca477e2e5af12a5180c70c62d6efcdbfd29d40e0458baa5ebdd525b5281e342ec29d01fc6fc9173a5b625704c3
SSDEEP

96:673zsN+JBcMAiLt6NkIJmaI8RP4e/kvHxNezNt:oo+MOLtErRJcvb4

Score

10^/10

eternity purecrypter collection downloader loader spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

newsoftware-tester.exe

Resource

win7-20221111-en

eternity purecrypter collection downloader loader spyware stealer

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

newsoftware-tester.exe

Resource

win10v2004-20220901-en

eternity purecrypter collection downloader loader spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

purecrypter

C2

http://justnormalsite.ddns.net/SystemEnv/uploads/newsoftware-tester_Ilbiekxz.png

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  newsoftware-tester.exe
- Size
  
  6KB
- MD5
  
  d785e46b0d269b0578dcfd1b90375a6a
- SHA1
  
  d1c4a196f24f0659c29fb05e99e690c87bf6d673
- SHA256
  
  164df1aecac769eb2d9485abcb776f9ee55fc1e297c5b8b2bc50009e786d41b2
- SHA512
  
  ea93bf91f0035a2996f227e04ccca718a9a470ca477e2e5af12a5180c70c62d6efcdbfd29d40e0458baa5ebdd525b5281e342ec29d01fc6fc9173a5b625704c3
- SSDEEP
  
  96:673zsN+JBcMAiLt6NkIJmaI8RP4e/kvHxNezNt:oo+MOLtErRJcvb4
Score

10^/10

eternity purecrypter collection downloader loader spyware stealer
- Detect PureCrypter injector
  loader
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

eternitypurecryptercollectiondownloaderloaderspywarestealer

behavioral2

eternitypurecryptercollectiondownloaderloaderspywarestealer

© 2018-2024

Terms | Privacy