eternity | Robux_Method[.]exe | Triage

Sharing

General

Target

Robux_Method.exe
Size

902KB
MD5

0ccae06c602cb87fc6a8e5b78d4b377e
SHA1

1f6607d2f20a617a7b6aeb34d9acf43246d4195f
SHA256

9e50714e07170ecf3ea21369f84f9abd6db060fbc1e5d6dfdf4923f874a70b6f
SHA512

a072579827c4f45e8746d2a8999456d0dd728c07260cd38ddf3c6581163449cc8b912fb8d55449af1ee832f2b87e9010ffdb874e784a9b76c23aa9e59a00b7dc
SSDEEP

24576:hwT7rC6qSL3ym95YE0bykWe0S8BY4RfkWrG:QrC6qS77KbLWeRwzrG

Score

10^/10

stealer eternity

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
sample	disable_win_def

Detects Eternity stealer 1 IoCs

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Robux_Method.exe

Files

Robux_Method.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ