Overview

overview

10

Static

static

10

Bunifu.dll

windows7-x64

1

Bunifu.dll

windows10-2004-x64

1

DiscordRPC.dll

windows7-x64

1

DiscordRPC.dll

windows10-2004-x64

1

ENet.Managed.dll

windows7-x64

1

ENet.Managed.dll

windows10-2004-x64

1

Eternity.exe

windows7-x64

10

Eternity.exe

windows10-2004-x64

10

Newtonsoft.Json.dll

windows7-x64

1

Newtonsoft.Json.dll

windows10-2004-x64

1

System.Buffers.dll

windows7-x64

1

System.Buffers.dll

windows10-2004-x64

1

System.Memory.dll

windows7-x64

1

System.Memory.dll

windows10-2004-x64

1

System.Num...rs.dll

windows7-x64

1

System.Num...rs.dll

windows10-2004-x64

1

System.Run...fe.dll

windows7-x64

1

System.Run...fe.dll

windows10-2004-x64

1

Resubmissions

12-06-2023 17:44

230612-wbky3adb79 10

Analysis

  • max time kernel
    533s
  • max time network
    462s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2023 17:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Eternity.exe

  • Size

    40.7MB

  • MD5

    909e2b616e00a2bc02bdffc997579410

  • SHA1

    5844639727922d3a680d908f7d413363b998d17c

  • SHA256

    cdb04f1b435968dacea47f4a28fff8c0612ffbac9b8df2da01014760d71a297f

  • SHA512

    ccdf71d58e0397f8201a7a3e7014520184ebba841143795e41793da8def0d5d077f4fcca2390b3f7689e5f99dacfa0f86904d66d47f6e77f5c0e1cba39bda6a5

  • SSDEEP

    786432:jzvsyBy7Mu30RxS9MQo+hc3XivKvWN0w4xng7+2MD4sLh:UyCMrzwag7+2MkW

Score
10/10
growtopiastealer

Malware Config

Signatures

  • Growtopia

    Growtopa is an opensource modular stealer written in C#.

    stealergrowtopia
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Eternity.exe
    "C:\Users\Admin\AppData\Local\Temp\Eternity.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\enet_managed_resource\enet-win32-x86.dll
    Filesize

    39KB

    MD5

    9ee69aa4f1d58226f40fbc3cb509a7ad

    SHA1

    eb5313a624cc6da2d9f6207aaa4977039db336ee

    SHA256

    1f13200b33c50c78d3bed0e05b0369d6379b38660328c5565e5aa40fa408eb48

    SHA512

    b1c2d72523c1ec874c32f0b26dd4d07467803eb7770e1597abe5040501c3da15f775643be6bc5e550ae3bc01ad49cec4324645543133f8154932e750e909da19

    Download Submit

  • memory/2004-57-0x00000000099E0000-0x000000000AD68000-memory.dmp

    Filesize

    19.5MB

    Download

  • memory/2004-56-0x0000000000380000-0x0000000000381000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2004-54-0x00000000011D0000-0x0000000003A30000-memory.dmp

    Filesize

    40.4MB

    Download

  • memory/2004-58-0x00000000075A0000-0x0000000007676000-memory.dmp

    Filesize

    856KB

    Download

  • memory/2004-59-0x0000000000530000-0x0000000000538000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2004-55-0x0000000007280000-0x00000000072C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2004-63-0x00000000006D0000-0x00000000006EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2004-64-0x000000000B1D0000-0x000000000B27A000-memory.dmp

    Filesize

    680KB

    Download

  • memory/2004-65-0x0000000000CB0000-0x0000000000CF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2004-66-0x000000006EFC0000-0x000000006EFD2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2004-67-0x0000000007280000-0x00000000072C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2004-69-0x0000000007280000-0x00000000072C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2004-70-0x0000000007280000-0x00000000072C0000-memory.dmp

    Filesize

    256KB

    Download