eternity | Stealer[.]exe | Triage

Sharing

General

Target

Stealer.exe
Size

335KB
MD5

841ce3b003ee2d41c5c6b53a983f31c1
SHA1

5127475b042a5aaa8ac869d7024082d701a71aad
SHA256

a5321ffc44084cba8e5bedc4fe98bc151b5f90a01192fa8d695ffcb0c8363ebd
SHA512

18bf3713cf4d2e23346a70801918b5df4c7cf6d10bda15aba64b92881c5d2b66dfa0bc2f8524e031bb7fc739cdc5177c217f12213083f5cbe0d117632bd7e6a6
SSDEEP

6144:AwzO189USPgbr8zExVQQdCZiBeB5y0vN4t/xZAbANK:AwzO18CS4xCZi70F8

Score

10^/10

eternity

Malware Config

Extracted

Family

eternity

C2

http://eternityms33k74r7iuuxfda4sqsiei3o3lbtr5cpalf6f4skszpruad.onion

Signatures

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Stealer.exe

Files

Stealer.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ