General
-
Target
Growtoken.exe
-
Size
1.2MB
-
MD5
b4fd82d36033b222e24a3bebb36160c2
-
SHA1
f0834b6a9fe196eff0df953a8054f0cc16d31b5e
-
SHA256
d44006982388af1f774550e394ebc9a613bbccd2e0dbedfdac871fee1872ad96
-
SHA512
3bc7a33310105b1a3a882e7e407de49bdb11cf8d8360d4b56d2908fc3b8d075cecb2d198803a78cde132432efd9920ebfd3ebdb3c9dd1d7dd4f3061103240b74
-
SSDEEP
12288:XTEYAsROAsrt/uxduo1jB0Y96qlBBScaepDkNDFTK/6AHR2MZ/Rev0HMpHqEc:XwT7rC6qpScJpMuSCR1ZevuEqE
Score
10/10
Malware Config
Signatures
-
Contains code to disable Windows Defender 1 IoCs
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detects Eternity stealer 1 IoCs
-
Eternity family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Files
-
Growtoken.exe
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
Imports
Sections