eternity | 2b4e5d3e94c8ac09ca00108bd0dd3d89fe2a8246176c99b9ff39258deee5988b | Triage

Sharing

General

Target

Stealer.exe
Size

339KB
Sample

230411-w9s3bsga2s
MD5

efe82015c08d9d2b932bd105eacbf6c2
SHA1

0e0f7ea6e539f1b22ce9814614d2af63e4ba6fb8
SHA256

2b4e5d3e94c8ac09ca00108bd0dd3d89fe2a8246176c99b9ff39258deee5988b
SHA512

a45da092d71275c080feca99a9d059ff8315694551cc68966426a4dea8e4fec449b87e4881ad419d64aa6066ee5e4b8c8bb3ef12847eaa8be48f81011c65c515
SSDEEP

6144:2sKrd0d8AKkfuauSOqPSqfJDwtyfMWvmoIi+pV8vu7d8uLfCWlgpi9bRtABU5:2sKrd0d8QfJDwtQD+oIHDdptgpTBQ

Score

10^/10

eternity collection spyware stealer

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  Stealer.exe
- Size
  
  339KB
- MD5
  
  efe82015c08d9d2b932bd105eacbf6c2
- SHA1
  
  0e0f7ea6e539f1b22ce9814614d2af63e4ba6fb8
- SHA256
  
  2b4e5d3e94c8ac09ca00108bd0dd3d89fe2a8246176c99b9ff39258deee5988b
- SHA512
  
  a45da092d71275c080feca99a9d059ff8315694551cc68966426a4dea8e4fec449b87e4881ad419d64aa6066ee5e4b8c8bb3ef12847eaa8be48f81011c65c515
- SSDEEP
  
  6144:2sKrd0d8AKkfuauSOqPSqfJDwtyfMWvmoIi+pV8vu7d8uLfCWlgpi9bRtABU5:2sKrd0d8QfJDwtQD+oIHDdptgpTBQ
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

behavioral2

eternitycollectionspywarestealer