eternity | Stealer[.]exe[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Stealer.exe.bin
Size

334KB
MD5

6c8ada1a13e523ce6a738263937b6e93
SHA1

e4e518d747ca28d4bf706ce958e5210937021382
SHA256

7425b4cb21ead41ef099c7b4e0c049f50114231c8a87db2814ab2b2ff648bbbb
SHA512

e37ce97c4cd8ef0bde5f9fa04adba8073d8f49d99717aa2ee9100ce461e299d00fe95c8eba10a9200e533de5891bb5513fabfe756ca9ec5c25c7754631e9f97a
SSDEEP

6144:wRvNXbJ2Hrv1uq5T/0O6giAnevv/16cZeSb5w5Sgb7:wRvNLJ6jVnuZ49t

Score

10^/10

eternity

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Signatures

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Stealer.exe.bin

Files

Stealer.exe.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 331KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ