eternity | 1df7648628928e1cf733752fbae71f4e7cfe29905afbae07e00b69a1486389da | Triage

Sharing

General

Target

MSBuild_noOVL.exe
Size

3.5MB
Sample

230419-qg73wsaf84
MD5

ecc34abde648889eef323e1e38147af9
SHA1

70d66b5ca455b91dcbf8b132cbf9e68426aec497
SHA256

1df7648628928e1cf733752fbae71f4e7cfe29905afbae07e00b69a1486389da
SHA512

01b3f7ea80582777af28357fc1ef9f5d02c53431bf2e0510d67be8cff90822345b4747ed5d728f89a3d52be57d172fd433737c10ab41a8d24d5952059d689b31
SSDEEP

98304:JPr9NE6RvlhQFqUeOy9otyCpFFydaqzG9:JPIivl6wzOzACpbyy

Score

10^/10

eternity collection

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  MSBuild_noOVL.exe
- Size
  
  3.5MB
- MD5
  
  ecc34abde648889eef323e1e38147af9
- SHA1
  
  70d66b5ca455b91dcbf8b132cbf9e68426aec497
- SHA256
  
  1df7648628928e1cf733752fbae71f4e7cfe29905afbae07e00b69a1486389da
- SHA512
  
  01b3f7ea80582777af28357fc1ef9f5d02c53431bf2e0510d67be8cff90822345b4747ed5d728f89a3d52be57d172fd433737c10ab41a8d24d5952059d689b31
- SSDEEP
  
  98304:JPr9NE6RvlhQFqUeOy9otyCpFFydaqzG9:JPIivl6wzOzACpbyy
Score

10^/10

collection eternity
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

eternitycollection