eternity | a0bc1875cfc85a930f69f40d2c1b66b9de3d79382b2e2c47f5ad60759944335b | Triage

Resubmissions

08/02/2023, 10:21

230208-mdm2rsac95 10

Sharing

General

Target

eternity.bin.exe
Size

335KB
Sample

230208-mdm2rsac95
MD5

5edb806bdb9c9722ef3e462c2de79387
SHA1

7f578ee428b4ea2a735c078db6ee0c567afe7d20
SHA256

a0bc1875cfc85a930f69f40d2c1b66b9de3d79382b2e2c47f5ad60759944335b
SHA512

b482726f968db6c966533737c1a996adbaceb231be8f08486ffa1607d5a65900e8a34e3781bc97a4a2b4055750a111265cc69ae366cad9d25cb8071223934b7e
SSDEEP

6144:OyO9/ci8TuAlc76woqxf8wXo/Er2Ebhvp6bRleZD:OlUiYc76wjjnrR

Score

10^/10

eternity collection spyware stealer

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  eternity.bin.exe
- Size
  
  335KB
- MD5
  
  5edb806bdb9c9722ef3e462c2de79387
- SHA1
  
  7f578ee428b4ea2a735c078db6ee0c567afe7d20
- SHA256
  
  a0bc1875cfc85a930f69f40d2c1b66b9de3d79382b2e2c47f5ad60759944335b
- SHA512
  
  b482726f968db6c966533737c1a996adbaceb231be8f08486ffa1607d5a65900e8a34e3781bc97a4a2b4055750a111265cc69ae366cad9d25cb8071223934b7e
- SSDEEP
  
  6144:OyO9/ci8TuAlc76woqxf8wXo/Er2Ebhvp6bRleZD:OlUiYc76wjjnrR
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

behavioral2

eternitycollectionspywarestealer