eternity

Sharing

Copy URL

Twitter E-mail

General

Target

GrowtopiaInstaller (2).exe
Size

230.6MB
Sample

240804-v6kq4s1bnj
MD5

3a3fc09ccd9742f23dfcd213ea0cc4fa
SHA1

e20b17bd6a625259b4f9b2c9f8439d761bc126e3
SHA256

9ccb0bc19f24b694a4129cc387279457e57671f8109937550258ffc40173423b
SHA512

cfc533d6c845692a94868d4df276b47276504cce838bfffea3ff41a33c6d384d70583bb9413fb6048ecea0cf1311ce38c3311fda2e712c2aef3625bb45016971
SSDEEP

6291456:2TkXdHjFqVWTv3QXZ0ZDhip7rOCXqCS6N:2WmWtb6rOCaC/

Score

10^/10

Malware Config

Targets

- Target
  
  GrowtopiaInstaller (2).exe
- Size
  
  230.6MB
- MD5
  
  3a3fc09ccd9742f23dfcd213ea0cc4fa
- SHA1
  
  e20b17bd6a625259b4f9b2c9f8439d761bc126e3
- SHA256
  
  9ccb0bc19f24b694a4129cc387279457e57671f8109937550258ffc40173423b
- SHA512
  
  cfc533d6c845692a94868d4df276b47276504cce838bfffea3ff41a33c6d384d70583bb9413fb6048ecea0cf1311ce38c3311fda2e712c2aef3625bb45016971
- SSDEEP
  
  6291456:2TkXdHjFqVWTv3QXZ0ZDhip7rOCXqCS6N:2WmWtb6rOCaC/
Score

10^/10

defense_evasion discovery persistence privilege_escalation eternity evasion stealer
- Detects Eternity stealer
  stealer
- Eternity
  Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
  eternity
- Disables Task Manager via registry modification
  evasion
- Drops desktop.ini file(s)
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Indicator Removal: Clear Persistence
  remove IFEO.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  3e277798b9d8f48806fbb5ebfd4990db
- SHA1
  
  d1ab343c5792bc99599ec7acba506e8ba7e05969
- SHA256
  
  fe19353288a08a5d2640a9c022424a1d20e4909a351f2114423e087313a40d7c
- SHA512
  
  84c9d4e2e6872277bffb0e10b292c8c384d475ad163fd0a47ca924a3c79077dfde880f535a171660f73265792554129161d079a10057d44e28e2d57ebc477e92
- SSDEEP
  
  192:d4n3T5aK+dHCMR1aQR9RuZl3WWmU7WYZsw1JpVGnrjsK72dwF7dBOne:Wn3T5KdHCMRD/R1cOnrjs+BO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  3f176d1ee13b0d7d6bd92e1c7a0b9bae
- SHA1
  
  fe582246792774c2c9dd15639ffa0aca90d6fd0b
- SHA256
  
  fa4ab1d6f79fd677433a31ada7806373a789d34328da46ccb0449bbf347bd73e
- SHA512
  
  0a69124819b7568d0dea4e9e85ce8fe61c7ba697c934e3a95e2dcfb9f252b1d9da7faf8774b6e8efd614885507acc94987733eba09a2f5e7098b774dfc8524b6
- SSDEEP
  
  192:OPtkumJX7zB22kGwfy0mtVgkCPOsX1un:/702k5qpdsXQn
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Growtopia.exe
- Size
  
  39.8MB
- MD5
  
  eaca97167873094e5561a7a8c270edb0
- SHA1
  
  039be5d64c9fed35ba20e3bc049ff7a80d8bd69b
- SHA256
  
  ef525f5c3ae61a24e99fa290043e6a41b4bbe73fbec799addf7545538814044d
- SHA512
  
  912ea2fbf9e85f4828424d86535f3f86275b86865cd861ce7709321cd29cfd7828f32478e00b5cd938e3131f6f0fc2c7981d7c7fa7e2d90255f289dc91f0e6bb
- SSDEEP
  
  786432:yWsP/oCA4HUE6DZOKsBA8S3ldS7sfLGTJr+PBlK905c8Hm9:JsPQe0Ps28cdS7WkJrC+h8G9
Score

1^/10
behavioral7 behavioral8
- Target
  
  MicrosoftEdgeWebview2Setup.exe
- Size
  
  1.6MB
- MD5
  
  8b9812ba27e12c79319d859e97955ca4
- SHA1
  
  3cb35ac811c27e7b21b381dccab55517609190c3
- SHA256
  
  a63d59b2af0c7b2be6984280386042a230dab928e3b426d51a0afb2eff5f98e9
- SHA512
  
  8312081fcca20f1d8d393ea2588c2fd19830eb9b36700ec8bc541cd25c4c2046008f3eec07883056956adae5c56083d43ded74d3122d21555d1e43a9d1ab5618
- SSDEEP
  
  24576:o9ye32wIdWoAH+miAQoCZoWf4fh29ht/5iqSxulBbxAl/f1scgIDnzMwdF9fZ4T+:Qye32wIuAAQZKwEqbBe1scgID7fZcZJ
Score

6^/10

discovery persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops file in System32 directory
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral10 behavioral9
- Target
  
  SecureEngineSDK64.dll
- Size
  
  28KB
- MD5
  
  023ca3f56ce9d9aff9e4839301e82c82
- SHA1
  
  fec3bca7c4f43c9c44ffcfca1f41b5a480cba78b
- SHA256
  
  9387fedbd201f2886a28f32d1ec155a69ac86ea78e331381f6db521f8b4b5a11
- SHA512
  
  18bea9d3fde048dbd7ed0f039d44c36ccb112334b4188632772c35de06042e6d4077e1dc68ce6ac4f3a8fc4d1134940d24216a9451c79a813cd0ac33c56d354b
- SSDEEP
  
  192:6i08s5GvuxBdKKCeotPpWZlNCryWlHqX5xS5haBWUcSAfMVIBizxUv:6dZxBnCeqPpWZglsfSgA0V
Score

1^/10
behavioral11 behavioral12
- Target
  
  anzu.dll
- Size
  
  3.6MB
- MD5
  
  259a32af5b652b64addf145b389f6b60
- SHA1
  
  fe51dbf8bc1e4d8dbc3dc6dfcc48b54775b8e924
- SHA256
  
  d869244c77decc4b15dc20ba3207d9286cd67fd4599e8219a3df80edf66f7279
- SHA512
  
  f90dc7f0ef44fcbe14f08ee9addbc5c405f0b8dc8527aed7822d33f82a969a0d89fde8f6aa73bf9e5666658e682081aafd563758817c3358921a400c69829e09
- SSDEEP
  
  49152:Zic2gyhqmJ0SlAQwrkt187Sv0oFfcAlf080nUqMoa+48i1a9MhTdXrAj:ZMpmCukLOSl3pdk9MjXg
Score

1^/10
behavioral13 behavioral14
- Target
  
  sdkencryptedappticket64.dll
- Size
  
  1010KB
- MD5
  
  89491f37434a1848e016fa89bdc436e9
- SHA1
  
  4964f032ae077f8a2ba2848c57d95e1ceefdeeb4
- SHA256
  
  151b53f46c0d163ac2b47531508df942a92295fe75cbaa99e481339cb4ae82f3
- SHA512
  
  ba4004255edeb80eb385aafeee9a2b5da0968c026c7b002fc87539a449c60ecbbd78c2ea112f43b1c82e28863e22d2b8989814145c6924c666b2c82a4825893c
- SSDEEP
  
  24576:2BPcoPGk/xmJagU6ZivRa684r6dubOU9/Vxi7Cm9jw1o:OPcIGk/xmJagU6ZivRa684rzbOU92CmP
Score

1^/10
behavioral15 behavioral16
- Target
  
  steam_api64.dll
- Size
  
  291KB
- MD5
  
  f3db5801dc9b75da671b39041e2e8bcf
- SHA1
  
  40d0ae44e090db49b2309fb152fbd3e11124a376
- SHA256
  
  a44e5537939ae4eebc69000589aa9b2437a667813a1657cc779198bae9b815a9
- SHA512
  
  9abeb8542ce48f3d263e9924a82cafa80b42b730636f1df6e594679482b6638997563b5d752d5505f25596a5d0e2f56f1255e4a94bb9523d47c180bc131e22f9
- SSDEEP
  
  3072:B8Y+BDOgGIWcXSEJeRhqTMdU55UuT7+7JtN3RUOj65lhTbCMTiGu2ZvJpKCZyq+g:BYPNrQheMW5vTKxRo8CgCZyqO2CM4OYS
Score

1^/10
behavioral17 behavioral18
- Target
  
  ubiservices.dll
- Size
  
  14.8MB
- MD5
  
  d06ec93e5877f3f2623ccaa89a349a75
- SHA1
  
  a071d570f3af7fd283e99feb95938026eadc3f1a
- SHA256
  
  068bc38fa95a55d74470e9df9da71b8106668aaa647619d83a036808f14e6e5b
- SHA512
  
  7a3b57a82375835fb14ac735f882c883731ba486025cc1e86b2bb36743e2ad367ffa417f73be7a24585375cbc89ddca876acd9b208e5eebacae78f71aec2d854
- SSDEEP
  
  49152:++QTjHVpj56LNzw2Vo/PYfGctqzyf6nPsAAYQDIsPXzqGNXGMi4oY8/wFe5IOXdh:+D+VA/MsjPGRSip1zjFuoe6e
Score

1^/10
behavioral19 behavioral20
- Target
  
  vc_redist.x64.exe
- Size
  
  13.9MB
- MD5
  
  27b141aacc2777a82bb3fa9f6e5e5c1c
- SHA1
  
  3155cb0f146b927fcc30647c1a904cd162548c8c
- SHA256
  
  5eea714e1f22f1875c1cb7b1738b0c0b1f02aec5ecb95f0fdb1c5171c6cd93a3
- SHA512
  
  7789eabb6dd4a159bb899d2e6d6df70addb3df239bda6f9ead8c1d2a2ac2062fce3a495814b48a3c2bec12f13800ad0703e2c61c35158b0912011b914f098011
- SSDEEP
  
  393216:xTPq5dCsKSR65cX7Eyd/qnejOX3L8T8KYfU3j:VP5iw56oyleejcL8T8fc3
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral21 behavioral22
- Target
  
  vc_redist.x86.exe
- Size
  
  13.1MB
- MD5
  
  1a15e6606bac9647e7ad3caa543377cf
- SHA1
  
  bfb74e498c44d3a103ca3aa2831763fb417134d1
- SHA256
  
  fdd1e1f0dcae2d0aa0720895eff33b927d13076e64464bb7c7e5843b7667cd14
- SHA512
  
  e8cb67fc8e0312da3cc98364b96dfa1a63150ab9de60069c4af60c1cf77d440b7dffe630b4784ba07ea9bf146bdbf6ad5282a900ffd6ab7d86433456a752b2fd
- SSDEEP
  
  393216:S1RPq5dCsKSR65cX7Eyd/qnejOFxP7OEnl4L/Vvc:yP5iw56oyleej2OEnlwc
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral23 behavioral24
- Target
  
  zlibwapi.dll
- Size
  
  87KB
- MD5
  
  dd91e4c7d445c31682ebdd22e732d93d
- SHA1
  
  2ed9d1a085fa9179d199e0372d81462816fd7504
- SHA256
  
  1f047faec08d9a35c304fb4a7cf13853589359a8f7cbfdd48c5d5807712dcf05
- SHA512
  
  0e610c0b97a970ed6077e27f8071f32cceef6410133b9ee8934849443b8ebfb022f1d88f9b7bff77f3b5a243c73b5a4e05fae843bdbc849ba09168ecb61d5f87
- SSDEEP
  
  1536:3d34luTY6/aYPBqxRjt3JRSVoIOFIORnToIfHyRXCWdd:3hIuBZKjtZMuP5TBfqX/d
Score

1^/10
behavioral25 behavioral26