Overview
Static analysis items (count, file, platform):
3  Eater-main...dex.js  windows11-21h2-x64
1  Eater-main...er.vbs  windows11-21h2-x64
3  Eater-main...VF.zip  windows11-21h2-x64
   Eater_VF/runner.vbs  windows11-21h2-x64
   Eater_VF/svhost.exe  windows11-21h2-x64
   Eater-main...er.vbs  windows11-21h2-x64
3  Eater-main...st.exe  windows11-21h2-x64
1  Eater-main...us.exe  windows11-21h2-x64
1  Eater-main/index.js  windows11-21h2-x64
General
Target: Eater-main.zip
Size: 62.2MB
Sample: 240418-x2fmpsdg3v
MD5: 816f7e2edcfdafe98538cc5850fa1773
SHA1: 919da4f650240b3fd189c3522e28c81cb45c5f4b
SHA256: d675201a8e9ad567887a2453e81738fff5126afc96da9e8aba16e0203c08ea52
SHA512: f1f44fd4886a6ac39131c77926d08877426a64fb96dff4b8260520a77db39eef80a313ffc9d7a828cdd84bdec6ddad8e79ad759bede73685f26eac05129b1f5f
SSDEEP: 1572864:rX+kVvcTAAcShSA5JgwoeOJ/1eT53SoGCbmhCiT:ruWcTJAr9yMCSzT
Static task: static1

Behavioral task: behavioral1
  Sample: Eater-main/Eater_VF/index.js
  Resource: win11-20240412-en

Behavioral task: behavioral2
  Sample: Eater-main/Eater_VF/runner.vbs
  Resource: win11-20240412-en

Behavioral task: behavioral3
  Sample: Eater-main/example/Eater_VF.zip
  Resource: win11-20240412-en

Behavioral task: behavioral4
  Sample: Eater_VF/runner.vbs
  Resource: win11-20240412-en

Behavioral task: behavioral5
  Sample: Eater_VF/svhost.exe
  Resource: win11-20240412-en

Behavioral task: behavioral6
  Sample: Eater-main/example/Eater_VF/runner.vbs
  Resource: win11-20240412-en

Behavioral task: behavioral7
  Sample: Eater-main/example/Eater_VF/svhost.exe
  Resource: win11-20240412-en

Behavioral task: behavioral8
  Sample: Eater-main/example/antivirus.exe
  Resource: win11-20240412-en

Behavioral task: behavioral9
  Sample: Eater-main/index.js
  Resource: win11-20240412-en
Malware Config

Targets

Target: Eater-main/Eater_VF/index.js
Size: 1KB
MD5: 8e36dcc2b4c8663eee35c963764785a4
SHA1: b5763a69cc1504ec9bf636e653bcaedb3649da36
SHA256: e119d80c9cd029b4492a0536f35bc7b1caca12cf86b974058632b9ed7a48b0d7
SHA512: e1f19aed71e8266d069990c362319d6969adaaa1f045c0ab3770308e1009aa2927b0060b96ff84ef84dc1baf973e78596555966fa979f3c3a38fe7e1ac3d96cd
Score: 1/10

Target: Eater-main/Eater_VF/runner.vbs
Size: 93B
MD5: 7c861e1ebf06eaad679172b27a2611d8
SHA1: 3c9ed87e8faf3c6e9a6b32af0804e868b3d3a19b
SHA256: 257e018fbd4aa6fbbdf66503d194fcf893abe74ab7b2f5b371724a72cd5b56b5
SHA512: fc2732dbd57e44b8b8e32235bee50e9f10502eccac52e12bb1d3e6008889f1387886e56a6e21e7fea85ad2be5760f72eb0e6c31d5b3fb61fb9b6506936d07b4b
Score: 3/10

Target: Eater-main/example/Eater_VF.zip
Size: 20.6MB
MD5: 0b5ee53dd3f7789f949ba1b2b4bab85d
SHA1: e74b270b5046d3ba8e59667a751cb304a4f230e5
SHA256: 80a5bbf2dbe6d481cc930d89f23d0c10bc3d6363a5aa14ab45b5eabb8dff8c25
SHA512: 8c504942a558cda426886305181589c28925d85c21c75f37d5f248e06570d291f3ae95fcd11ee0d7a09c4b9f80e686fce49ac9425c4732a0e247b21d6fc13828
SSDEEP: 393216:khXNFKYJ0o4VwklTa9ZehxhIFZgo4Zd5z+1wavNas1PFcyoDQPPbJrXQY17cx:k9LKGS2klc4hoZgo4ZGNgAPgDQP9D7cx
Score: 8/10
Signatures:
- Disables Task Manager via registry modification
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry

Target: Eater_VF/runner.vbs
Size: 93B
MD5: 7c861e1ebf06eaad679172b27a2611d8
SHA1: 3c9ed87e8faf3c6e9a6b32af0804e868b3d3a19b
SHA256: 257e018fbd4aa6fbbdf66503d194fcf893abe74ab7b2f5b371724a72cd5b56b5
SHA512: fc2732dbd57e44b8b8e32235bee50e9f10502eccac52e12bb1d3e6008889f1387886e56a6e21e7fea85ad2be5760f72eb0e6c31d5b3fb61fb9b6506936d07b4b
Signatures:
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Possible privilege escalation attempt
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
- Modifies system executable filetype association
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory

Target: Eater_VF/svhost.exe
Size: 62.4MB
MD5: 95f0d66f217894cf66d7c1cc81728820
SHA1: 3e99aa9a61eb80f3cc2d6e8b1ed319f14bff4cf7
SHA256: 7184c026bf4ef44088aca38b41c68c5e3b65b2849649eabdc8c07425078971c6
SHA512: 7399f4da46c4a0ee7280225846b1b0b040bc4f8370bb5e5aeb9d7b34ce10327fdaaddd8eeb05e8fd7246b29f0f94984de9ebe37d398ace0989621d9c7ac682e8
SSDEEP: 393216:eiOuobfMNoidslJEiNdO8xaXebz8XUUo3NrWc3PBSPFKdiXUxDmTJrIWlj36Ul2P:kuozyo51dlx5wMhWc3ImO2
Score: 1/10

Target: Eater-main/example/Eater_VF/runner.vbs
Size: 93B
MD5: 7c861e1ebf06eaad679172b27a2611d8
SHA1: 3c9ed87e8faf3c6e9a6b32af0804e868b3d3a19b
SHA256: 257e018fbd4aa6fbbdf66503d194fcf893abe74ab7b2f5b371724a72cd5b56b5
SHA512: fc2732dbd57e44b8b8e32235bee50e9f10502eccac52e12bb1d3e6008889f1387886e56a6e21e7fea85ad2be5760f72eb0e6c31d5b3fb61fb9b6506936d07b4b
Score: 3/10

Target: Eater-main/example/Eater_VF/svhost.exe
Size: 62.4MB
MD5: 95f0d66f217894cf66d7c1cc81728820
SHA1: 3e99aa9a61eb80f3cc2d6e8b1ed319f14bff4cf7
SHA256: 7184c026bf4ef44088aca38b41c68c5e3b65b2849649eabdc8c07425078971c6
SHA512: 7399f4da46c4a0ee7280225846b1b0b040bc4f8370bb5e5aeb9d7b34ce10327fdaaddd8eeb05e8fd7246b29f0f94984de9ebe37d398ace0989621d9c7ac682e8
SSDEEP: 393216:eiOuobfMNoidslJEiNdO8xaXebz8XUUo3NrWc3PBSPFKdiXUxDmTJrIWlj36Ul2P:kuozyo51dlx5wMhWc3ImO2
Score: 1/10

Target: Eater-main/example/antivirus.exe
Size: 63.1MB
MD5: fb4ff0736edaa11bda8ce1197c9ccf2b
SHA1: ea607ba5e4126e6a9a3f81f3d20051cc247eb444
SHA256: 59f23a51834094e901029248ae78d7bf850ed3a68abe7487b8eb28f755e16409
SHA512: 36e4d68396af9bcee83194c2f1dd87bec9aedc61c2d0c2cc2c356ba4003dee0125ef2013585b98593d28f3cf6240554ae0809abde85b5bc6286167cdcfc027ed
SSDEEP: 393216:eiOuobfMNoidslJEiNdO8xaXpbz8XUUo3NrWc3PBSPFKdiXUxDmTJrIWlj36Ul2E:kuozyo51dlxmwMhWc3ImOhV
Score: 1/10

Target: Eater-main/index.js
Size: 1KB
MD5: bdbd94fe0401e2b029e58529c73f40e2
SHA1: 833330dd5c4541fa5d81dc96d1dbd5ab17186b21
SHA256: 631abf9b19d24c4488a4935f6c2a32ca0e0441b92003b542085b53a38ea027ab
SHA512: 35735ab161ee8d1c0deade7ac432ca0ce7ac6124a40f9dc8e3ab7d08fdb158c53b46e4233f5eeb0e3f71272b1a13e7536d2748737646030816e3d0afd37810a2
Score: 1/10
MITRE ATT&CK Matrix (ATT&CK v13)
Technique counts are shown in parentheses.

Persistence
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Event Triggered Execution (1)
    Change Default File Association (1)

Privilege Escalation
  Boot or Logon Autostart Execution (2)
    Registry Run Keys / Startup Folder (1)
    Winlogon Helper DLL (1)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Event Triggered Execution (1)
    Change Default File Association (1)

Defense Evasion
  Modify Registry (6)
  Abuse Elevation Control Mechanism (1)
    Bypass User Account Control (1)
  Impair Defenses (1)
    Disable or Modify Tools (1)
  File and Directory Permissions Modification (1)