eternity | Gabb[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Gabb.exe
Size

1.7MB
MD5

af9b4a80719e6d96d1d9ffa6277c4128
SHA1

1fc9fb411ad72a7ae8b4bc406ee8084d772de329
SHA256

55a2b4b10adcfddf074ae9d5eb5119de9e733da7d0d28902f65b9bef0f9bcecb
SHA512

ae26589bf9c4f1acbe9de5f22e5dfa69dd91344252f6f91e60519925a889ea0f41bcce41b556ed638ea244e6dfdd77701c2244f078e28c46a1f241c19f5af28a
SSDEEP

12288:xTEYAsROAsrt/uxduo1jB0Y96qHlo7tCU321BCXRqG9sGVoTiNiCJNO+/17srtKv:xwT7rC6qHlWBsc5hV1NfO+/FsreH

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Gabb.exe

Files

Gabb.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ