eternity | 31c77d6590617cb3676c0d976b78db1c41bd7fe25d8b00d366afc27dcc96c832 | Triage

Submit
Reports

Overview

overview

Static

static

eternity.exe

windows7-x64

eternity.exe

windows10-2004-x64

Sharing

General

Target

eternity.exe
Size

349KB
Sample

230630-h3gh3ahc8y
MD5

5eea7412789d4a9e83d3113ab358718c
SHA1

f974336083787f1a43801b95ad4a2f13217ec363
SHA256

31c77d6590617cb3676c0d976b78db1c41bd7fe25d8b00d366afc27dcc96c832
SHA512

5888bec3476d5bf63bec50b946dab334ddf9918049a9270fbb86c819f839eb50172371aa61b72aaa77c6800fd2fb8b2af1ecc594f7c4e183b49df820b94e9af9
SSDEEP

6144:3izwGnXj4tQvrzi/BymkfuauSOq1kSRKbz3Tqazj1dFYfjrSLKPRbMLxRBV:3izwGXj4tQvrzipGRKbz3TqK1DFKPCf

Score

10^/10

eternity collection spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

eternity.exe

Resource

win7-20230621-en

eternity collection spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

eternity.exe

Resource

win10v2004-20230621-en

eternity collection spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  eternity.exe
- Size
  
  349KB
- MD5
  
  5eea7412789d4a9e83d3113ab358718c
- SHA1
  
  f974336083787f1a43801b95ad4a2f13217ec363
- SHA256
  
  31c77d6590617cb3676c0d976b78db1c41bd7fe25d8b00d366afc27dcc96c832
- SHA512
  
  5888bec3476d5bf63bec50b946dab334ddf9918049a9270fbb86c819f839eb50172371aa61b72aaa77c6800fd2fb8b2af1ecc594f7c4e183b49df820b94e9af9
- SSDEEP
  
  6144:3izwGnXj4tQvrzi/BymkfuauSOq1kSRKbz3Tqazj1dFYfjrSLKPRbMLxRBV:3izwGXj4tQvrzipGRKbz3TqK1DFKPCf
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

behavioral2

eternitycollectionspywarestealer

© 2018-2025

Terms | Privacy