General

  • Target

    P90P_PROXY.exe

  • Size

    905KB

  • Sample

    241006-zm1qfavfjn

  • MD5

    551cd8e5461c68ec23ec11eab941c262

  • SHA1

    bf16424415ff1562fa442981ed9f84cc167cab07

  • SHA256

    9bca0051537823f2c31bebafa453130a549599f825241423c6bc8d8c6aa49f71

  • SHA512

    52c645bbc7ab74588b3715d181f9412762f071fbc6ba5845b4b1eaf92b530f8835b4ed960f76a4b962fe3d48bd18844a79fa9557a26ae866f038526efcd40de7

  • SSDEEP

    12288:vTEYAsROAsrt/uxduo1jB0Y96q1CCgLbY/0PejVdoXvvGabyl2OswS50LHvbdu+:vwT7rC6q1CZLoLzSylbswS54T1

Malware Config

Targets

    • Target

      P90P_PROXY.exe

    • Size

      905KB

    • MD5

      551cd8e5461c68ec23ec11eab941c262

    • SHA1

      bf16424415ff1562fa442981ed9f84cc167cab07

    • SHA256

      9bca0051537823f2c31bebafa453130a549599f825241423c6bc8d8c6aa49f71

    • SHA512

      52c645bbc7ab74588b3715d181f9412762f071fbc6ba5845b4b1eaf92b530f8835b4ed960f76a4b962fe3d48bd18844a79fa9557a26ae866f038526efcd40de7

    • SSDEEP

      12288:vTEYAsROAsrt/uxduo1jB0Y96q1CCgLbY/0PejVdoXvvGabyl2OswS50LHvbdu+:vwT7rC6q1CZLoLzSylbswS54T1

    • Contains code to disable Windows Defender

      A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

    • Detects Eternity stealer

    • Eternity

      Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.

    • Modifies Windows Defender Real-time Protection settings

    • Disables Task Manager via registry modification

    • Drops startup file

    • Executes dropped EXE

    • Windows security modification

MITRE ATT&CK Enterprise v15

Tasks