General

  • Target: GrowPai_Inzernal.rar
  • Size: 38.3MB
  • Sample: 240121-kv3gnsadh3
  • MD5: e21f3de9a5ecb24b9f0eab5f7854b3ca
  • SHA1: 1a086f22f9fc2f66b144230d8448d92cffc34f83
  • SHA256: 7a9fe1c4139c0dd5fb6083b3652f50d114cfb3b9e1c6462f0a04dcb176bac1a0
  • SHA512: 699975cd41111444b201d1e95a98c1b417b72bd1c8d515acf82d9026af4fb8c754f97eb6bdd6bf2a4453f574eecff162408898b4007187ccbdf18fbc7ef785c7
  • SSDEEP: 786432:8OyhuT+mW7jyrm24U5V5P8GboO06Q+/xoYq9lx/0XY4RlREL1plicFI16bcjPT/u:814ThsQV5jP++/xoYunkaU6bWPy

Malware Config

Targets

    • Target: GrowPai Inzernal/Growpai.dll
    • Size: 4.9MB
    • MD5: e28e6a124ee2ea833edfe401d68d3514
    • SHA1: 0d3ae5f77205e96d7f7fe8a3b7e7bba33dfc45e6
    • SHA256: c907312d526b8eb8e13de2501c18a445e1eb53749168b92717534c559505f040
    • SHA512: 54465b48d52e355c58520de438ba6a2c7a5f33697a1eee268d2e1ce9a36b305a306a2d45b8d7b6148233eb19fa936faa77a651a491b8e14f9e316a65b6364565
    • SSDEEP: 98304:kxu9K5eCPmdMwQE/OWLSIUTD6tvqy+S7aO0vBQgwxkXX/PY6Cn:2udP2IUT+Ym0vBqx2X/Pyn

    Signatures:

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Themida packer
      Detects Themida, an advanced Windows software protection system.
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target: GrowPai Inzernal/Inzernal.exe
    • Size: 35.7MB
    • MD5: d815f8a597d063c2a41706fae7bcae96
    • SHA1: 708bc33078ed1d434e39d9fef439b1f545b7abd8
    • SHA256: bb9e65f3e2d03a24d3a6ccc79ab16208eb391e7db5d150d946e1b9f8932e9683
    • SHA512: 502b1d16894f10518d58564d34dccac84f64ef44d950f1ba9689d243aa0aef09f72fdbe64a106da937b600cc5f204d9ddd8b91bfb401b2ad6d79adb483fd1211
    • SSDEEP: 786432:eF2eoWV9K6d99d7IxW0HR+LswG1mLPo4AKxjU8S8jh1UXo7kfeka0sLNEGJ:eIeoWRd99SxW0H4swG1mbo4S8IXo7WDu

    Signatures:

    • Contains code to disable Windows Defender
      A .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring, blocking at first seen, etc.
    • Detects Eternity stealer
    • Eternity
      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
    • Modifies Windows Defender Real-time Protection settings
    • Drops startup file
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials, etc.
    • Windows security modification

    • Target: GrowPai Inzernal/loader.exe
    • Size: 14KB
    • MD5: 9e25530dde3c4d19216983ad1cc9e516
    • SHA1: 5b600acbee56cd300e0336e9586cbc60d25df573
    • SHA256: 66975a5814ee58e19ad967e2f96a86ac4dcd941a764c52e37db7a8e3cc0803fb
    • SHA512: c4e4889747b2c1d05411b80ac9ac6fa3b24f34318570e4fe2353208ce4a030686391b86389c4fe514bf687b9084edc15d0d3fbc0f253021e5e7f37a183810376
    • SSDEEP: 192:KGsy159/j/H3nCCBc21q5efqBF1EV0A5TV1McfJ0PaFFOIV9s3Q5tfBDSJGp:KGsy1597/H3CCBcNmqBF+VVlC3NJ0

    Score: 1/10

MITRE ATT&CK Enterprise v15