Overview

overview

10

Static

static

10

GrowPai In...19.exe

windows7-x64

10

GrowPai In...19.exe

windows10-2004-x64

10

GrowPai In...ai.dll

windows7-x64

9

GrowPai In...ai.dll

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GrowPai_Inzernal.zip

  • Size

    5.4MB

  • Sample

    230331-x7emlaeb6x

  • MD5

    4f8e42bd4e77183e4a9896a6bae601a0

  • SHA1

    d0c0ec25836db3da471ac3f33784fdeef4e149d2

  • SHA256

    19431158b6c3639b4a538195609c9014ac6831c281d135eead1c81562f5e609b

  • SHA512

    7a12ecd919e025fd151f842ec377432aaaf24c0fd94f2b9226f1f80ef1eb315821557177515ba1c6a31ed6b6b0e388c4077ffa71af20b2df070d57025d2fb039

  • SSDEEP

    98304:K58IkT6ivhtMr/Evi5p1S4Pp78aM/SxCF0AD+Xm22Ruhy4zpnup7ALy:KJGLJWrqsS4Pp78ahCF0AD+2RuSiLy

Score
10/10
eternityevasionstealerthemidatrojan

Malware Config

Targets

    • Target

      GrowPai Inzernal/GrowPai_V4.19.exe

    • Size

      888KB

    • MD5

      ecab04fb9700a9158635b488fdfe8756

    • SHA1

      c06c88ea67fe002d5b4bccb7259c57976c279678

    • SHA256

      dd6c691a0e88926762ef23e6934c34bec6631c5931c22362faa7da7185a54458

    • SHA512

      7e439b9ea3d0a83e9435d4fe68e49bdfce4d98e28c1c6006284d4a07aa696ef44d2d7364a13bc4cac25508a586b98b1d3ae7ed1b799b2762a247042639b61b9d

    • SSDEEP

      12288:2TEYAsROAsrt/uxduo1jB0Y96qUmC9uyvvX0Dux6zCim8Tt:2wT7rC6qU59uyHEDuYm8Tt

    Score
    10/10
    eternitystealer

    • Detects Eternity stealer

      stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • Executes dropped EXE

    behavioral1behavioral2

    • Target

      GrowPai Inzernal/Growpai.dll

    • Size

      4.8MB

    • MD5

      7f3c2aed44eb710ed0f624f3d4bb665e

    • SHA1

      8389c33e975681201900eab75b4d8d34fca52000

    • SHA256

      b08d00a9eba33a30059541904152d59655c7354316966fdd58090aae59958dd3

    • SHA512

      82fa8eefb4d9086bab8995d4586f73022f4e90170b1f758909f2c6d564c82f35e12fcda6aa1b514c0ea2d21ef356376a1229aae71217a591194eb3b015c7c115

    • SSDEEP

      98304:4FSydiu3WTYUHPFH7DKIE0hTBs4hQl2aRa5pi8SS0B71pi:40RxTBHPJDKPqBs4CR2ES0Bi

    Score
    9/10
    evasionthemidatrojan

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

      themida

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Query Registry

5
T1012

System Information Discovery

4
T1082

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks