eternity | dfc14db8ebe89dab82aaf1476fd573acf91fab5c7a048320f9f7aa68193fceef | Triage

Sharing

General

Target

dfc14db8ebe89dab82aaf1476fd573acf91fab5c7a048320f9f7aa68193fceef
Size

1.1MB
Sample

230225-2q6f7seh27
MD5

e7e45fb3d4899b886214f926b4ac845d
SHA1

e6c7291d8e2e6bfa2e45cf1c846a64638b90b64e
SHA256

dfc14db8ebe89dab82aaf1476fd573acf91fab5c7a048320f9f7aa68193fceef
SHA512

f092d98608f7283f1fd4a3b87d42ffb13be181b3c9d3ff1bddef8681098a5767dc2b5a9d3b641fb706e6f84fcb0bbbf4f4889f9e1c275651105d66c871e0b11e
SSDEEP

24576:EdIz687AJq0zp+n5SJ4esrcqsV4D/140Wkog5pW1/9YCRj:1nn5S2esZsV840Wc5pEYCRj

Score

10^/10

eternity collection spyware stealer

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  dfc14db8ebe89dab82aaf1476fd573acf91fab5c7a048320f9f7aa68193fceef
- Size
  
  1.1MB
- MD5
  
  e7e45fb3d4899b886214f926b4ac845d
- SHA1
  
  e6c7291d8e2e6bfa2e45cf1c846a64638b90b64e
- SHA256
  
  dfc14db8ebe89dab82aaf1476fd573acf91fab5c7a048320f9f7aa68193fceef
- SHA512
  
  f092d98608f7283f1fd4a3b87d42ffb13be181b3c9d3ff1bddef8681098a5767dc2b5a9d3b641fb706e6f84fcb0bbbf4f4889f9e1c275651105d66c871e0b11e
- SSDEEP
  
  24576:EdIz687AJq0zp+n5SJ4esrcqsV4D/140Wkog5pW1/9YCRj:1nn5S2esZsV840Wc5pEYCRj
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

behavioral2

eternitycollectionspywarestealer