eternity | f2c11cdbce5e9d2635671ab4cc42b2749a9f919c1f25d33b4c67c8de96a0deba | Triage

Sharing

General

Target

New request.7z
Size

509KB
Sample

231120-s2wlpsgh64
MD5

e4a7428a695d05efb1341203d3a49bfd
SHA1

1bf8f57f57fdac789de2057b74db239d78d433f9
SHA256

f2c11cdbce5e9d2635671ab4cc42b2749a9f919c1f25d33b4c67c8de96a0deba
SHA512

4a71d14d278bebcc817e231eab130376733b70e1ea60108bc1b5ace1db6630bfe46131511e2c4eb26242cb0c0cea50b48e146b570067e71a34d93bc5b6fbd958
SSDEEP

12288:HGVmboUqEv1ByZcTJ0oJ8LDqew911/NpxgALpPnGiv7uwdJq9:HG+Jj+qy+cZwLRNpSA1rSF9

Score

10^/10

eternity collection persistence spyware stealer

Malware Config

Extracted

Family

eternity

C2

http://izrukvro5khcol3z7cvvdq3akeunlod2gshgn7ppo3a4jvse3z5hpiyd.onion

Targets

- Target
  
  NEW Request.exe
- Size
  
  673KB
- MD5
  
  86b8d16de595cd4af053a7a04023ff08
- SHA1
  
  5ab258b49561d90ba48d29554d6b0e3919ee8be1
- SHA256
  
  4f20841d200433a3fef4ea9392ce773b29a3cf605f3ee020c21c43199ff0b74c
- SHA512
  
  0c1bff788fedc93722c86246c2856da634631e19616b33b74bfa465c429376e1e356161f8b7bb5788347a10d7a2838e42f777c09549be0df57dc42ef2709d6d7
- SSDEEP
  
  12288:CDKtNqEvMCyZcTJ0oJFLHqewyC1/tpiFAvVRPn6Cts7:eKjjYqy+V9wDRtpoAPCCts7
Score

10^/10

eternity collection persistence spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionpersistencespywarestealer

behavioral2

eternitycollectionpersistencespywarestealer