General
Target: GrowPai_Inzernal.zip
Size: 5.4MB
Sample: 230331-x7emlaeb6x
MD5: 4f8e42bd4e77183e4a9896a6bae601a0
SHA1: d0c0ec25836db3da471ac3f33784fdeef4e149d2
SHA256: 19431158b6c3639b4a538195609c9014ac6831c281d135eead1c81562f5e609b
SHA512: 7a12ecd919e025fd151f842ec377432aaaf24c0fd94f2b9226f1f80ef1eb315821557177515ba1c6a31ed6b6b0e388c4077ffa71af20b2df070d57025d2fb039
SSDEEP: 98304:K58IkT6ivhtMr/Evi5p1S4Pp78aM/SxCF0AD+Xm22Ruhy4zpnup7ALy:KJGLJWrqsS4Pp78ahCF0AD+2RuSiLy
Behavioral task: behavioral1
Sample: GrowPai Inzernal/GrowPai_V4.19.exe
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: GrowPai Inzernal/GrowPai_V4.19.exe
Resource: win10v2004-20230220-en

Behavioral task: behavioral3
Sample: GrowPai Inzernal/Growpai.dll
Resource: win7-20230220-en
Malware Config

Targets

Target: GrowPai Inzernal/GrowPai_V4.19.exe
Size: 888KB
MD5: ecab04fb9700a9158635b488fdfe8756
SHA1: c06c88ea67fe002d5b4bccb7259c57976c279678
SHA256: dd6c691a0e88926762ef23e6934c34bec6631c5931c22362faa7da7185a54458
SHA512: 7e439b9ea3d0a83e9435d4fe68e49bdfce4d98e28c1c6006284d4a07aa696ef44d2d7364a13bc4cac25508a586b98b1d3ae7ed1b799b2762a247042639b61b9d
SSDEEP: 12288:2TEYAsROAsrt/uxduo1jB0Y96qUmC9uyvvX0Dux6zCim8Tt:2wT7rC6qU59uyHEDuYm8Tt

Signatures:
Detects Eternity stealer
Eternity: Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
Executes dropped EXE
Target: GrowPai Inzernal/Growpai.dll
Size: 4.8MB
MD5: 7f3c2aed44eb710ed0f624f3d4bb665e
SHA1: 8389c33e975681201900eab75b4d8d34fca52000
SHA256: b08d00a9eba33a30059541904152d59655c7354316966fdd58090aae59958dd3
SHA512: 82fa8eefb4d9086bab8995d4586f73022f4e90170b1f758909f2c6d564c82f35e12fcda6aa1b514c0ea2d21ef356376a1229aae71217a591194eb3b015c7c115
SSDEEP: 98304:4FSydiu3WTYUHPFH7DKIE0hTBs4hQl2aRa5pi8SS0B71pi:40RxTBHPJDKPqBs4CR2ES0Bi

Signatures:
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Blocklisted process makes network request
Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger