General
-
Target
Silviozas Premium Proxy V3.85984.exe
-
Size
5.0MB
-
Sample
241113-kfpbha1qcq
-
MD5
628f62f1001ff7705103ab9f5ef5ffd1
-
SHA1
6748a7dc711fdcf2787f8634a0287ea382cbd690
-
SHA256
59f927e858a8cdf2330099c7b18b3f74bc6616d67b11e174aab539bd7aff067a
-
SHA512
6eb4d989dff77528b86c866fe63c088e3c3b67bc01c5017cd9a814aebee96bfd49982d760a093371a2529ef9ee84b65194f98c3ba4f4d11a7e120725d65129c2
-
SSDEEP
98304:SrjYFpk1kqeK+h2qwqYNorcrLEtwZJJuRWpAFyFSB76Z:C9kqX+QmrcrLm4JMRuS8
Malware Config
Targets
-
-
Target
Silviozas Premium Proxy V3.85984.exe
-
Size
5.0MB
-
MD5
628f62f1001ff7705103ab9f5ef5ffd1
-
SHA1
6748a7dc711fdcf2787f8634a0287ea382cbd690
-
SHA256
59f927e858a8cdf2330099c7b18b3f74bc6616d67b11e174aab539bd7aff067a
-
SHA512
6eb4d989dff77528b86c866fe63c088e3c3b67bc01c5017cd9a814aebee96bfd49982d760a093371a2529ef9ee84b65194f98c3ba4f4d11a7e120725d65129c2
-
SSDEEP
98304:SrjYFpk1kqeK+h2qwqYNorcrLEtwZJJuRWpAFyFSB76Z:C9kqX+QmrcrLm4JMRuS8
Score10/10-
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
-
Detects Eternity stealer
-
Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
-
Eternity family
-
Modifies Windows Defender Real-time Protection settings
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Disables Task Manager via registry modification
-
Drops file in Drivers directory
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Windows security modification
-