EternityStealer

Eternity Stealer .NET 63KB PE32. Confirmed by Eternity.exe internal string. ConfuserEx obfuscation (random namespace nhqiftpausgcgynnttjgxfqhlzyzmrh). AES-CBC encryption via AesCryptoServiceProvider + ICryptoTransform. Win32Clipboard + Clipboard Manager u003d cryptocurrency clipboard hijacking (replaces BTC/ETH addresses). Future timestamp u003d cracked builder distributed on forums. Multiple Base64 encoding

Threat Profile
Type Infostealer
Programming Language.NET/C#
C2 ProtocolHTTP/C2
First Seen2022
Targets Kuresel
Purpose / Capabilities
  • Credential Theft/Clipboard Hijack/Infostealer
No C2 servers have been identified for this family yet.

Research Reports (1)

High

EternityStealer 025e74a9 -- Eternity.exe Confirmed ConfuserEx AES Sifreleme Win32Clipboard Pano Hijack BTC ETH Kripto Degistirme AesCryptoServiceProvider ICryptoTransform | Yuksek

EternityStealer 025e74a9 .NET PE32 x86 63KB. Eternity.exe string ile onay. ConfuserEx obfuskasyon. AesCryptoServiceProvider AES-CBC. Win32Clipboard + Clipboard Manager BTC pano hijack.

Read Report →