General

  • Target

    Eater-main.zip

  • Size

    62.2MB

  • Sample

    240418-x2fmpsdg3v

  • MD5

    816f7e2edcfdafe98538cc5850fa1773

  • SHA1

    919da4f650240b3fd189c3522e28c81cb45c5f4b

  • SHA256

    d675201a8e9ad567887a2453e81738fff5126afc96da9e8aba16e0203c08ea52

  • SHA512

    f1f44fd4886a6ac39131c77926d08877426a64fb96dff4b8260520a77db39eef80a313ffc9d7a828cdd84bdec6ddad8e79ad759bede73685f26eac05129b1f5f

  • SSDEEP

    1572864:rX+kVvcTAAcShSA5JgwoeOJ/1eT53SoGCbmhCiT:ruWcTJAr9yMCSzT

Malware Config

Targets

    • Target

      Eater-main/Eater_VF/index.js

    • Size

      1KB

    • MD5

      8e36dcc2b4c8663eee35c963764785a4

    • SHA1

      b5763a69cc1504ec9bf636e653bcaedb3649da36

    • SHA256

      e119d80c9cd029b4492a0536f35bc7b1caca12cf86b974058632b9ed7a48b0d7

    • SHA512

      e1f19aed71e8266d069990c362319d6969adaaa1f045c0ab3770308e1009aa2927b0060b96ff84ef84dc1baf973e78596555966fa979f3c3a38fe7e1ac3d96cd

    • Score

      1/10

    • Target

      Eater-main/Eater_VF/runner.vbs

    • Size

      93B

    • MD5

      7c861e1ebf06eaad679172b27a2611d8

    • SHA1

      3c9ed87e8faf3c6e9a6b32af0804e868b3d3a19b

    • SHA256

      257e018fbd4aa6fbbdf66503d194fcf893abe74ab7b2f5b371724a72cd5b56b5

    • SHA512

      fc2732dbd57e44b8b8e32235bee50e9f10502eccac52e12bb1d3e6008889f1387886e56a6e21e7fea85ad2be5760f72eb0e6c31d5b3fb61fb9b6506936d07b4b

    • Score

      3/10

    • Target

      Eater-main/example/Eater_VF.zip

    • Size

      20.6MB

    • MD5

      0b5ee53dd3f7789f949ba1b2b4bab85d

    • SHA1

      e74b270b5046d3ba8e59667a751cb304a4f230e5

    • SHA256

      80a5bbf2dbe6d481cc930d89f23d0c10bc3d6363a5aa14ab45b5eabb8dff8c25

    • SHA512

      8c504942a558cda426886305181589c28925d85c21c75f37d5f248e06570d291f3ae95fcd11ee0d7a09c4b9f80e686fce49ac9425c4732a0e247b21d6fc13828

    • SSDEEP

      393216:khXNFKYJ0o4VwklTa9ZehxhIFZgo4Zd5z+1wavNas1PFcyoDQPPbJrXQY17cx:k9LKGS2klc4hoZgo4ZGNgAPgDQP9D7cx

    • Score

      8/10

    • Disables Task Manager via registry modification

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Target

      Eater_VF/runner.vbs

    • Size

      93B

    • MD5

      7c861e1ebf06eaad679172b27a2611d8

    • SHA1

      3c9ed87e8faf3c6e9a6b32af0804e868b3d3a19b

    • SHA256

      257e018fbd4aa6fbbdf66503d194fcf893abe74ab7b2f5b371724a72cd5b56b5

    • SHA512

      fc2732dbd57e44b8b8e32235bee50e9f10502eccac52e12bb1d3e6008889f1387886e56a6e21e7fea85ad2be5760f72eb0e6c31d5b3fb61fb9b6506936d07b4b

    • Modifies WinLogon for persistence

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Possible privilege escalation attempt

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

    • Modifies system executable filetype association

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Target

      Eater_VF/svhost.exe

    • Size

      62.4MB

    • MD5

      95f0d66f217894cf66d7c1cc81728820

    • SHA1

      3e99aa9a61eb80f3cc2d6e8b1ed319f14bff4cf7

    • SHA256

      7184c026bf4ef44088aca38b41c68c5e3b65b2849649eabdc8c07425078971c6

    • SHA512

      7399f4da46c4a0ee7280225846b1b0b040bc4f8370bb5e5aeb9d7b34ce10327fdaaddd8eeb05e8fd7246b29f0f94984de9ebe37d398ace0989621d9c7ac682e8

    • SSDEEP

      393216:eiOuobfMNoidslJEiNdO8xaXebz8XUUo3NrWc3PBSPFKdiXUxDmTJrIWlj36Ul2P:kuozyo51dlx5wMhWc3ImO2

    • Score

      1/10

    • Target

      Eater-main/example/Eater_VF/runner.vbs

    • Size

      93B

    • MD5

      7c861e1ebf06eaad679172b27a2611d8

    • SHA1

      3c9ed87e8faf3c6e9a6b32af0804e868b3d3a19b

    • SHA256

      257e018fbd4aa6fbbdf66503d194fcf893abe74ab7b2f5b371724a72cd5b56b5

    • SHA512

      fc2732dbd57e44b8b8e32235bee50e9f10502eccac52e12bb1d3e6008889f1387886e56a6e21e7fea85ad2be5760f72eb0e6c31d5b3fb61fb9b6506936d07b4b

    • Score

      3/10

    • Target

      Eater-main/example/Eater_VF/svhost.exe

    • Size

      62.4MB

    • MD5

      95f0d66f217894cf66d7c1cc81728820

    • SHA1

      3e99aa9a61eb80f3cc2d6e8b1ed319f14bff4cf7

    • SHA256

      7184c026bf4ef44088aca38b41c68c5e3b65b2849649eabdc8c07425078971c6

    • SHA512

      7399f4da46c4a0ee7280225846b1b0b040bc4f8370bb5e5aeb9d7b34ce10327fdaaddd8eeb05e8fd7246b29f0f94984de9ebe37d398ace0989621d9c7ac682e8

    • SSDEEP

      393216:eiOuobfMNoidslJEiNdO8xaXebz8XUUo3NrWc3PBSPFKdiXUxDmTJrIWlj36Ul2P:kuozyo51dlx5wMhWc3ImO2

    • Score

      1/10

    • Target

      Eater-main/example/antivirus.exe

    • Size

      63.1MB

    • MD5

      fb4ff0736edaa11bda8ce1197c9ccf2b

    • SHA1

      ea607ba5e4126e6a9a3f81f3d20051cc247eb444

    • SHA256

      59f23a51834094e901029248ae78d7bf850ed3a68abe7487b8eb28f755e16409

    • SHA512

      36e4d68396af9bcee83194c2f1dd87bec9aedc61c2d0c2cc2c356ba4003dee0125ef2013585b98593d28f3cf6240554ae0809abde85b5bc6286167cdcfc027ed

    • SSDEEP

      393216:eiOuobfMNoidslJEiNdO8xaXpbz8XUUo3NrWc3PBSPFKdiXUxDmTJrIWlj36Ul2E:kuozyo51dlxmwMhWc3ImOhV

    • Score

      1/10

    • Target

      Eater-main/index.js

    • Size

      1KB

    • MD5

      bdbd94fe0401e2b029e58529c73f40e2

    • SHA1

      833330dd5c4541fa5d81dc96d1dbd5ab17186b21

    • SHA256

      631abf9b19d24c4488a4935f6c2a32ca0e0441b92003b542085b53a38ea027ab

    • SHA512

      35735ab161ee8d1c0deade7ac432ca0ce7ac6124a40f9dc8e3ab7d08fdb158c53b46e4233f5eeb0e3f71272b1a13e7536d2748737646030816e3d0afd37810a2

    • Score

      1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Each technique is listed as name (ID): number of matching signatures; sub-techniques are nested under their parent technique.

Persistence

    • Boot or Logon Autostart Execution (T1547): 2

        • Registry Run Keys / Startup Folder (T1547.001): 1

        • Winlogon Helper DLL (T1547.004): 1

    • Event Triggered Execution (T1546): 1

        • Change Default File Association (T1546.001): 1

Privilege Escalation

    • Boot or Logon Autostart Execution (T1547): 2

        • Registry Run Keys / Startup Folder (T1547.001): 1

        • Winlogon Helper DLL (T1547.004): 1

    • Abuse Elevation Control Mechanism (T1548): 1

        • Bypass User Account Control (T1548.002): 1

    • Event Triggered Execution (T1546): 1

        • Change Default File Association (T1546.001): 1

Defense Evasion

    • Modify Registry (T1112): 6

    • Abuse Elevation Control Mechanism (T1548): 1

        • Bypass User Account Control (T1548.002): 1

    • Impair Defenses (T1562): 1

        • Disable or Modify Tools (T1562.001): 1

    • File and Directory Permissions Modification (T1222): 1

Discovery

    • System Information Discovery (T1082): 7

    • Query Registry (T1012): 4

    • Peripheral Device Discovery (T1120): 1

Command and Control

    • Web Service (T1102): 1

Impact

    • Defacement (T1491): 1

Tasks