eternity | GT ACCOUNTS 5K[.]scr | Triage

Sharing

General

Target

GT ACCOUNTS 5K.scr
Size

2.9MB
MD5

90b50f4ae18a63c7b8904efc9f7547a1
SHA1

03d3806c434d4bc0cf36b23bf2589520e28edaa9
SHA256

43218fba895c2935079d8239751d7a5edb897dee938c49804fcaadcc799729aa
SHA512

e921bccbba162ff3ff587571df799a9e796c4f89e924984fe651c9f6152ee29febf576239a860eff1d9fe3ae1f5343433df0a9492b22af233ee3c801e1f9ebeb
SSDEEP

49152:RrC6qkrC6qVgdIMgxTAIkxrnxFfgU7cmxrg7C+Y:RrjryAIoxLf/7csE7C+

Score

10^/10

stealer eternity

Malware Config

Signatures

Detects Eternity stealer 1 IoCs

Processes:

resource	yara_rule
sample	eternity_stealer

Eternity family
eternity

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
GT ACCOUNTS 5K.scr

Files

GT ACCOUNTS 5K.scr
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter0
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eter1
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ