eternity | 822b60e36b7dd62a0cbb7ed116d23d1c63997067eeac9720547c47344b286e71 | Triage

Submit
Reports

Overview

overview

Static

static

eternity stealer.exe

windows11-21h2-x64

Sharing

General

Target

eternity stealer.exe
Size

339KB
Sample

240227-vslq9aeg77
MD5

6a6acf8c07a7e689c100d562f24dc58f
SHA1

38ed04cd73dd7aae06e77c53af19fcd5d0e490b8
SHA256

822b60e36b7dd62a0cbb7ed116d23d1c63997067eeac9720547c47344b286e71
SHA512

0fbe16a9ce38461c7772a4d6620efebfffd9092eb1aa4167bf4978f51ea8446622e6c016997c1c0c67f90305cb21ef17935a941b6348aad08ccd0a67cec6271d
SSDEEP

6144:n25U+5VffKkfuauSOqHNY5VVkzVXpz1Am3a7VpwnHO1CrMNL+LqbD8o/:n25U+55ZIVVkzVXpzX3app5L+L6

Score

10^/10

eternity collection spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

eternity stealer.exe

Resource

win11-20240221-en

eternity collection spyware stealer

windows11-21h2-x64

14 signatures

1800 seconds

Malware Config

Extracted

Family

eternity

C2

http://izrukvro5khcol3z7cvvdq3akeunlod2gshgn7ppo3a4jvse3z5hpiyd.onion

Targets

- Target
  
  eternity stealer.exe
- Size
  
  339KB
- MD5
  
  6a6acf8c07a7e689c100d562f24dc58f
- SHA1
  
  38ed04cd73dd7aae06e77c53af19fcd5d0e490b8
- SHA256
  
  822b60e36b7dd62a0cbb7ed116d23d1c63997067eeac9720547c47344b286e71
- SHA512
  
  0fbe16a9ce38461c7772a4d6620efebfffd9092eb1aa4167bf4978f51ea8446622e6c016997c1c0c67f90305cb21ef17935a941b6348aad08ccd0a67cec6271d
- SSDEEP
  
  6144:n25U+5VffKkfuauSOqHNY5VVkzVXpz1Am3a7VpwnHO1CrMNL+LqbD8o/:n25U+55ZIVVkzVXpzX3app5L+L6
Score

10^/10

eternity collection spyware stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Credentials in Registry

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

eternitycollectionspywarestealer

© 2018-2025

Terms | Privacy