General

  • Target

    74d4b3a942ee4b71677bad6e45f6593a360c2cbb79adbe43d1757d2ccf185376

  • Size

    89KB

  • Sample

    230202-ek3rssgf81

  • MD5

    64321ee124082f3cc0b5cfb83a52da9e

  • SHA1

    65aee9f80515510cc2374b00f00c20f9e8824353

  • SHA256

    74d4b3a942ee4b71677bad6e45f6593a360c2cbb79adbe43d1757d2ccf185376

  • SHA512

    6073e20c8850127c3e16d061aa0a05857dd83c6d4eb6a7bcaf51c4829daa9924fe957f6ad7fa92e7026ebb78b11b94f107ab958e7e76b18361badf93defb419f

  • SSDEEP

    1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf6x+OV:fq6+ouCpk2mpcWJ0r+QNTBf6R

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks