Overview

overview

10

Static

static

10

GrowHack.exe

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    GrowHack.exe

  • Size

    1001KB

  • Sample

    240704-x7tfravdnr

  • MD5

    b8d1446878c406d108dc8e4952010a4a

  • SHA1

    2276d53b8f5437ac70d66639181ff6a89a5a9b6e

  • SHA256

    642fefcd427816d35ac72bd7cb542293df83c5b649b927cdf95b3e1718e4ddb7

  • SHA512

    858b0e4d51ca2c5a481f0f2711f35f4430d8b90ebe52686c0c9d485889c2b44f64b53d32ab97147b91f0918b1d3bd5656bd52738ef10b4a9a485c76c6cd8dba0

  • SSDEEP

    24576:QwT7rC6qWbGbQ/JX3R//yGJYXz2P9fNoiA:xrC6qW6SJXB//2XClfuF

Score
10/10
eternitydiscoveryevasionspywarestealertrojan

Malware Config

Targets

    • Target

      GrowHack.exe

    • Size

      1001KB

    • MD5

      b8d1446878c406d108dc8e4952010a4a

    • SHA1

      2276d53b8f5437ac70d66639181ff6a89a5a9b6e

    • SHA256

      642fefcd427816d35ac72bd7cb542293df83c5b649b927cdf95b3e1718e4ddb7

    • SHA512

      858b0e4d51ca2c5a481f0f2711f35f4430d8b90ebe52686c0c9d485889c2b44f64b53d32ab97147b91f0918b1d3bd5656bd52738ef10b4a9a485c76c6cd8dba0

    • SSDEEP

      24576:QwT7rC6qWbGbQ/JX3R//yGJYXz2P9fNoiA:xrC6qW6SJXB//2XClfuF

    Score
    10/10
    eternitydiscoveryevasionspywarestealertrojan

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Detects Eternity stealer

      stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

      eternity

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks