eternity | 189ca1951e90f92454d9e6f451847f17d5d3e85639e474147d9d63ec529189df | Triage

Submit
Reports

Overview

overview

Static

static

1

6419a1e593...c9.exe

windows7-x64

6419a1e593...c9.exe

windows10-2004-x64

Sharing

General

Target

6419a1e59348225baafa1b58ed611fc9.exe
Size

1.5MB
Sample

231011-hdmnsahd76
MD5

6419a1e59348225baafa1b58ed611fc9
SHA1

89e4e06f33ddacf9092907bca221ad111fd4dcf1
SHA256

189ca1951e90f92454d9e6f451847f17d5d3e85639e474147d9d63ec529189df
SHA512

0d85752488eedc84c3bc858e171a1b73ffda869b14b9404e121f5a71cbb4aa64510b51a57890fe3d97ccd9beab854361e009e27e1cc4796f5d5c7bdba36c0634
SSDEEP

24576:twFgDyuHZ0uHO/dqvTrHxm/vDlDLIgNgOknWH:phHZ02O/dGc9UgbsY

Score

10^/10

eternity redline clipper infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

6419a1e59348225baafa1b58ed611fc9.exe

Resource

win7-20230831-en

eternity redline clipper infostealer spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

6419a1e59348225baafa1b58ed611fc9.exe

Resource

win10v2004-20230915-en

eternity redline clipper infostealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Wallets

bc1q7lqwyshs9zjpxyhcvwpmfyhad4w7j08qa7yudz

0x0BE5856fBfb983d813E9C8104a9FEE482F9B1b57

Targets

- Target
  
  6419a1e59348225baafa1b58ed611fc9.exe
- Size
  
  1.5MB
- MD5
  
  6419a1e59348225baafa1b58ed611fc9
- SHA1
  
  89e4e06f33ddacf9092907bca221ad111fd4dcf1
- SHA256
  
  189ca1951e90f92454d9e6f451847f17d5d3e85639e474147d9d63ec529189df
- SHA512
  
  0d85752488eedc84c3bc858e171a1b73ffda869b14b9404e121f5a71cbb4aa64510b51a57890fe3d97ccd9beab854361e009e27e1cc4796f5d5c7bdba36c0634
- SSDEEP
  
  24576:twFgDyuHZ0uHO/dqvTrHxm/vDlDLIgNgOknWH:phHZ02O/dGc9UgbsY
Score

10^/10

eternity redline clipper infostealer spyware
- Detects Eternity clipper
  clipper
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

eternityredlineclipperinfostealerspyware

behavioral2

eternityredlineclipperinfostealer

© 2018-2024

Terms | Privacy