eternity | c6f7f887955a0197629ba4e014e64bce3367a20b3324b9f1c9e6f628fcbcb38d | Triage

Sharing

General

Target

cryptedcollector.exe
Size

550KB
Sample

230901-knrrlaea87
MD5

1a53c6627f5d0b884ddd913f4efc7902
SHA1

2f9345df20cb4bb26eeb891e075a3bbec8d99ed0
SHA256

c6f7f887955a0197629ba4e014e64bce3367a20b3324b9f1c9e6f628fcbcb38d
SHA512

bd0f00086f82ec3a9935fa65423ff310f13c3b96e43adc5a890ef29d9400d7e922080ec597641493bce703b4b723b2b3a09b5ed675890c4721fe1e6c07506ac3
SSDEEP

12288:eqHJxrerpINrUhpujRrLCrsPwKW/JFJGdXJaev:VbQpURrLCrsPwp/JgXQ

Score

10^/10

eternity collection

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Targets

- Target
  
  cryptedcollector.exe
- Size
  
  550KB
- MD5
  
  1a53c6627f5d0b884ddd913f4efc7902
- SHA1
  
  2f9345df20cb4bb26eeb891e075a3bbec8d99ed0
- SHA256
  
  c6f7f887955a0197629ba4e014e64bce3367a20b3324b9f1c9e6f628fcbcb38d
- SHA512
  
  bd0f00086f82ec3a9935fa65423ff310f13c3b96e43adc5a890ef29d9400d7e922080ec597641493bce703b4b723b2b3a09b5ed675890c4721fe1e6c07506ac3
- SSDEEP
  
  12288:eqHJxrerpINrUhpujRrLCrsPwKW/JFJGdXJaev:VbQpURrLCrsPwp/JgXQ
Score

10^/10

eternity collection
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollection

behavioral2

eternitycollection