6e5f7ac150e500bc95e33a16b8a6c6a80f750145fd428b16c83ec4e6f21dc957 | Triage

Submit
Reports

Overview

overview

9

Static

static

7

Eterna.exe

windows7-x64

9

Eterna.exe

windows10-2004-x64

9

Sharing

General

Target

Eterna.exe
Size

4.2MB
Sample

230320-qypymsdg32
MD5

4b16139ce122c3d0dc2c15a04b1d5110
SHA1

9e3321d739ff3813e4289d6dcb177ae3beb93eb5
SHA256

6e5f7ac150e500bc95e33a16b8a6c6a80f750145fd428b16c83ec4e6f21dc957
SHA512

1df0388665e159f2dd26536150b2cab670d9fc7f58cf686dd074dd68875ad9f9793c5139b66bf0ea621b3c41afd2503455ee66c5b71ad9b497f29cde2b8f3b4d
SSDEEP

98304:xIC4bj8JKA9CYVzVJnUxnwsipGxnP3c4+qrUrAqFjrYolcfEBNHA40lZf:WC4bAJPFVJnUxw3UlPcIUrAqFjEEbBNy

Score

9^/10

evasion persistence ransomware themida trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Eterna.exe

Resource

win7-20230220-en

evasion themida trojan

windows7-x64

9 signatures

30 seconds

Behavioral task

behavioral2

Sample

Eterna.exe

Resource

win10v2004-20230221-en

evasion persistence ransomware themida trojan

windows10-2004-x64

18 signatures

30 seconds

Malware Config

Targets

- Target
  
  Eterna.exe
- Size
  
  4.2MB
- MD5
  
  4b16139ce122c3d0dc2c15a04b1d5110
- SHA1
  
  9e3321d739ff3813e4289d6dcb177ae3beb93eb5
- SHA256
  
  6e5f7ac150e500bc95e33a16b8a6c6a80f750145fd428b16c83ec4e6f21dc957
- SHA512
  
  1df0388665e159f2dd26536150b2cab670d9fc7f58cf686dd074dd68875ad9f9793c5139b66bf0ea621b3c41afd2503455ee66c5b71ad9b497f29cde2b8f3b4d
- SSDEEP
  
  98304:xIC4bj8JKA9CYVzVJnUxnwsipGxnP3c4+qrUrAqFjrYolcfEBNHA40lZf:WC4bAJPFVJnUxw3UlPcIUrAqFjEEbBNy
Score

9^/10

evasion themida trojan persistence ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Modifies Installed Components in the registry
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionpersistenceransomwarethemidatrojan

© 2018-2024

Terms | Privacy