Extracted

• • Target

    65fe796ff29aa6f7fd2ec6e7fee276259371a2f0b76e62b180dabd162a161397

  • Size

    466KB

  • MD5

    3c151ed6a605746afb9d5bab9041ab8f

  • SHA1

    0f016fecf45c95d084a163e4f9fc00438fb5f32c

  • SHA256

    65fe796ff29aa6f7fd2ec6e7fee276259371a2f0b76e62b180dabd162a161397

  • SHA512

    62f5006ee122ce913959f63bf880f800a54e6d2ab73aeae5b8546b0a54366c200c131500521b7f97fc3a893b6a43f966b6e757db880563b0ea018bdff02d6a0d

  • SSDEEP

    12288:ENwGmmFE0ToU190Wf57vqd6RCP6n4mBEhB/F7fBf5U:I7mOrTo03Lqd6ybmwB/FlBU

  Score

  10^/10

  eternitycollectiondefense_evasiondiscoverypersistenceprivilege_escalationspywarestealer

  • Eternity

    Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    eternity

  • Eternity family

    eternity

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook profiles

    collection

  • Deobfuscate/Decode Files or Information

    Payload decoded via CertUtil.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2